Replicated LDAP as backend

Robert Wehn robert.wehn at rz.uni-augsburg.de
Fri Jul 25 02:35:38 EDT 2014



On July 25, 2014 12:45:46 AM CEST, Paul van der Vlis <paul at vandervlis.nl> wrote:
>op 24-07-14 19:16, Robert Wehn schreef:
>> 
>> Am 24.07.2014 11:44, schrieb Paul van der Vlis:
>The command I give is to download a key, not to change anything.
>But maybe it tries to write something too, no idea.
As you see in Thomas' answer it seems to do so

>Does it make sence to run krb5-admin-server at the slave-kdc server on
>the new location or is it better to stop this service?
I'm not sure if the kadmin server on the slave site can be configured to make the changes on the master site. If not I would turn it off.

>I think it's a good idea to change the "admin_server" setting in
>/etc/krb5.conf on the new location to the server at the old location.
>Correct?
In my opinion: yes. And also the kpasswd server.

If you publish the servers in DNS also change the corresponding SRV records.

Regards, Robert.

--

Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047
86135 Augsburg .................................. Fax. (0821) 598-2028



More information about the Kerberos mailing list