Multi Realm Question

Tom Parker tparker at cbnco.com
Fri Sep 3 15:36:42 EDT 2010


  Hi

I have an odd situation and I am wondering if anyone on the list has 
done this before or has any suggestions.

I am setting up an international network of servers in various countries 
that will have local staff authenticating against a local realm 
(XX.EXAMPLE.COM) for daily activities.

I also have a group of systems administrators at our head office who are 
in their own realm (EXAMPLE.COM) who will need access to these same 
services as well as systems administration permissions on all the servers.

I don't want to move all of the local users to the central realm and 
replicate to local servers because there will be thousands of them 
around the world.

All of our services support Cross Realm authentication but I want to 
have a local copy of my central realm as a slave in each country for 
faster access and redundancy in case our networks go down while a head 
office admin is physically at a remote office.

My question therefor is:  Is there a way to run a single KDC with two 
realms, One as master for XX.EXAMPLE.COM and one as slave for 
EXAMPLE.COM?  And if not, how would you solve this?

Thanks

Tom Parker
Canadian Bank Note Company, Ltd.




More information about the Kerberos mailing list