Multiple domains in one KDC process?

Greg Hudson ghudson at MIT.EDU
Thu Oct 17 10:35:36 EDT 2013


On 10/17/2013 07:53 AM, Rick van Rein (OpenFortress) wrote:
> Still, this isn't dynamically configurable… is it the only way to do it?

It's the only supported way to do it.

The unsupported way is to run all of your realms out of a single KDB,
and configure the KDC with only one realm.  None of our admin tools
really help with this (for example, kdb5_util has no way to create K/M
and other special principals in an existing database), but if you can
get past that, I understand it to mostly work.

> And will kadmin / kpasswd work?

We do not currently have multi-realm support for kadmind (and by
extension, password-changes).  Each realm needs its own kadmind running
on a different port.


