Problems with kadmind, kpasswd and cross-realm authentication
Tim Mooney
mooney at dogbert.cc.ndsu.NoDak.edu
Thu Sep 27 16:22:57 EDT 2007
In regard to: Re: Problems with kadmind, kpasswd and cross-realm...:
> That is why I asked earlier if it was safe to use multiple kadmind daemons
> against the same database. If it is safe, then I can launch multiple
> processes (one for each realm). However, it if isn't safe, I'm assuming that
> there is a way to separate the realm into different databases and launch
> each daemon against a different database.
This is how we've been doing it. One KDC for 11 realms + 11 kadminds (one
per realm, each on a different port). You will also need one kpropd per
realm on your secondary server(s).
> Assuming separating the realms
> into different databases would be safe, how do you do it?
I don't know how you separate them if they're currently joined; we started
with them separate.
> 2. How to safely work-around the issue?
The way you've suggested has worked for us for multiple years.
Tim
--
Tim Mooney mooney at dogbert.cc.ndsu.NoDak.edu
Information Technology Services (701) 231-1076 (Voice)
Room 242-J6, IACC Building (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
More information about the Kerberos
mailing list