Problems with kadmind, kpasswd and cross-realm authentication

Tim Mooney mooney at dogbert.cc.ndsu.NoDak.edu
Thu Sep 27 16:22:57 EDT 2007


In regard to: Re: Problems with kadmind, kpasswd and cross-realm...:

> That is why I asked earlier if it was safe to use multiple kadmind daemons
> against the same database. If it is safe, then I can launch multiple
> processes (one for each realm). However, it if isn't safe, I'm assuming that
> there is a way to separate the realm into different databases and launch
> each daemon against a different database.

This is how we've been doing it.  One KDC for 11 realms + 11 kadminds (one
per realm, each on a different port).  You will also need one kpropd per
realm on your secondary server(s).

> Assuming separating the realms
> into different databases would be safe, how do you do it?

I don't know how you separate them if they're currently joined; we started
with them separate.

> 2. How to safely work-around the issue?

The way you've suggested has worked for us for multiple years.

Tim
-- 
Tim Mooney                              mooney at dogbert.cc.ndsu.NoDak.edu
Information Technology Services         (701) 231-1076 (Voice)
Room 242-J6, IACC Building              (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164



More information about the Kerberos mailing list