Changing the KDC's hostname?

Richard E. Silverman res at qoxp.net
Wed Jan 9 23:21:01 EST 2008


>>>>> "RA" == Russ Allbery <rra at stanford.edu> writes:

    RA> "bryan at virginia.edu" <catselbow at gmail.com> writes:
    >> I'd like to change the hostname of my kdc, but I'm worried that
    >> this will break kerberos.  What steps should I take to ensure this
    >> doesn't happen?  I'm running MIT kerberos version 1.6.2 under
    >> CentOS 5.  I have a primary KDC and a backup KDC.

    RA> As long as you update DNS SRV records and krb5.conf files
    RA> accordingly, changing the hostname shouldn't be an issue.  The
    RA> Kerberos database itself doesn't care about the local hostname.

    RA> -- Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>

One possible side issue is kprop -- when you change the hostname you'll
have to authorize the new host principal to push the database to the
slaves (kpropd.acl).

-- 
  Richard Silverman
  res at qoxp.net




More information about the Kerberos mailing list