[krbdev.mit.edu #2580] need realm identification at service level
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Sun May 30 15:57:22 EDT 2004
For some uncommon(?) configurations like running a single service on a machine in one
realm, while other services on the machine are in a different realm, we should have a
mechanism for identifying the realm of a single service, perhaps as an extension to the
domain-realm mapping in the config file.
Doing this with KDC-based referrals shouldn't be hard, when we get there, but I suspect in
the majority of cases it'll be done for testing or short-lived services for which the
administrative hassle or delay in updating the (production) KDC with the new service makes it
a poor choice; that would presumably be the case for adding referral data too. In such cases,
though, we really don't need a solution that scales up well, and tweaking the config file is
probably adequate.
More information about the krb5-bugs
mailing list