Multi Realm Question
Tom Parker
tparker at cbnco.com
Fri Sep 3 15:36:42 EDT 2010
Hi
I have an odd situation and I am wondering if anyone on the list has
done this before or has any suggestions.
I am setting up an international network of servers in various countries
that will have local staff authenticating against a local realm
(XX.EXAMPLE.COM) for daily activities.
I also have a group of systems administrators at our head office who are
in their own realm (EXAMPLE.COM) who will need access to these same
services as well as systems administration permissions on all the servers.
I don't want to move all of the local users to the central realm and
replicate to local servers because there will be thousands of them
around the world.
All of our services support Cross Realm authentication but I want to
have a local copy of my central realm as a slave in each country for
faster access and redundancy in case our networks go down while a head
office admin is physically at a remote office.
My question therefor is: Is there a way to run a single KDC with two
realms, One as master for XX.EXAMPLE.COM and one as slave for
EXAMPLE.COM? And if not, how would you solve this?
Thanks
Tom Parker
Canadian Bank Note Company, Ltd.
More information about the Kerberos
mailing list