Each Realm must have it's own KDC?

Derek Atkins warlord at MIT.EDU
Thu Mar 21 17:10:00 EST 2002

Each realm needs to have its own logical KDC, but I believe you can
run one "krb5kdc" process that serves multiple realms.  Note that this
is implementation dependent.  The protocol doesn't really care, but an
implementation may (or may not) limit you.


Austin Gonyou <austin at coremetrics.com> writes:

> After reading through the KRB5 installation and administration manuals,
> it seems to me that each kerberos realm must have it's own KDC. Is that
> in fact so, or is there a way to have multiple realms served my the same
> KDC. 
> We're facing some pretty crazy DNS changes soon, and it would affect the
> kerberos rollout plan rather directly. TIA.
> -- 
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-698-7250
> email: austin at coremetrics.com
> "It is the part of a good shepherd to shear his flock, not to skin it."
> Latin Proverb
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> http://mailman.mit.edu/mailman/listinfo/krbdev

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available

More information about the krbdev mailing list