[krbdev.mit.edu #8945] krb5kdc: the 32 realms limit

Дилян Палаузов via RT rt-comment at krbdev.mit.edu
Mon Sep 7 10:37:14 EDT 2020 

Mon Sep 07 10:37:14 2020: Request 8945 was acted upon.
 Transaction: Ticket created by dilyan.palauzov at aegee.org
       Queue: krb5
     Subject: krb5kdc: the 32 realms limit
       Owner: Nobody
  Requestors: dilyan.palauzov at aegee.org
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8945 >


Hello,

https://web.mit.edu/kerberos/krb5-1.18/doc/admin/admin_commands/krb5kdc.html says:

OPTIONS

The -r realm option specifies the realm for which the server should
provide service. This option may be specified multiple times to serve
multiple realms. If no -r option is given, the default realm (as
specified in krb5.conf) will be served.

EXAMPLE
The KDC may service requests for multiple realms (maximum 32 realms).
The realms are listed on the command line. Per-realm options that can
be specified on the command line pertain for each realm that follows it
and are superseded by subsequent definitions of the same option.

---------------------------

• If krb5.conf defines 62 realms, can I run two instances of krb5kdc,
each with 31 -r parameters, to cover all realms?  The answer shall be
evident from the documentation.

• Please extend krb5kdc, so that a single instance can handle unlimited
amount of realms

• Please add means to krb5kdc to serve all configured realms in
kdc.conf, without the need to create -r for each realm

• In the meantime, move in the documentation above the 32-limitation
from the Example section to the Options section.

Greetings
  Dilyan

More information about the krb5-bugs mailing list