[krbdev.mit.edu #8836] Pushing changes to KDC replicas by synchronizing the LDAP backend

Дилян Палаузов via RT rt-comment at KRBDEV-PROD-APP-1.mit.edu
Fri Sep 27 10:41:28 EDT 2019 

Fri Sep 27 10:41:28 2019: Request 8836 was acted upon.
 Transaction: Ticket created by dilyan.palauzov at aegee.org
       Queue: krb5
     Subject: Pushing changes to KDC replicas by synchronizing the LDAP backend
       Owner: Nobody
  Requestors: dilyan.palauzov at aegee.org
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8836 >


Hello,

The KDC database can be distributed by iprop/kprop, using incremental or full replication.

The KDC can store its data in LDAP backend.  In LDAP servers can synchronize theirselves in the master/replica model,
e.g. as described at https://openldap.org/doc/admin24/replication.html .

Please document what is the difference between using kprop(d) for distributing changes to the KDC replicas and using
LDAP master/replice synchronization that alter the KDC replica database.

Regards
  Дилян

More information about the krb5-bugs mailing list