Does /etc/krb5.conf have to be present and identical on all Kerberos infrastructure participants?

Nico Williams nico at cryptonector.com
Wed Nov 5 15:09:08 EST 2014


On Wed, Nov 5, 2014 at 1:47 PM, Booker Bense <bbense at gmail.com> wrote:
> [1]-  a process can have more than one krb5_context, but let's not get too
> crazy.

GSS-API acceptor apps that use the default acceptor credential can
trivially be in "multiple realms" at once in one process.  I've
certainly seen this happen, and even set it up.

For this and other reasons I don't think it's a good idea to tie
"realm" to "process".  It's not too inaccurate, but it's not helpful
enough to be worth the trouble.

Nico
--


More information about the Kerberos mailing list