kadmin/<host> principals
Jaap Winius
jwinius at umrk.nl
Mon Jan 14 21:13:08 EST 2013
Hi folks,
My Kerberos server includes four kadmin/... principals:
kadmin/admin at EXAMPLE.COM
kadmin/changepw at EXAMPLE.COM
kadmin/history at EXAMPLE.COM
kadmin/munchkin.example.com at EXAMPLE.COM
In this case, munchkin was the name of my current server when I first
installed it. Soon after it was renamed when it replaced an older server.
At first I thought that the kadmin/<host> entry was necessary to allow
the localhost to run kadmind. However, more than two years later it is
still the only kadmin/<host> principal and my Kerberos server (incl.
kadmind) has continued to function properly despite this mismatch.
Moreover, the DNS entry for munchkin was deleted soon after the old
server was replaced.
What are the disadvantages in this situation? Also, if I plan to
occasionally move the master Kerberos server to another host, can I
create multiple kadmin/<host> principals without causing any problems?
Thanks,
Jaap
More information about the Kerberos
mailing list