Each Realm must have it's own KDC?

Austin Gonyou austin at coremetrics.com
Thu Mar 21 17:36:00 EST 2002 

NP. Thx much!



On Thu, 2002-03-21 at 16:30, Derek Atkins wrote:
> Sorry, I do not know.
> 
> Please report any success (or failure) to krbdev.
> 
> -derek
> 
> Austin Gonyou <austin at coremetrics.com> writes:
> 
> > Thanks much. I would seem as that as well, but I don't know of any
> > documentation on the subject. As I said, I read the docs provided,
> > unless I'm missing some pages the implementation of such a thing seems
> > spartan. 
> > 
> > I'm going to take sunday and see what I can get out of it as well as
> > re-reading all docs. As part of this, should I have to create multiple
> > DB's to accomplish this? If you know? (i.e. kdb5_util create -s -r
> > SOMEOTHERREALM.ORG -d
> > /var/kerberos/krb5kdc/principal.SOMEOTHERREALM.ORG)
> > 
> > If not, thanks anyway!
> > 
> > 
> > 
> > On Thu, 2002-03-21 at 16:06, Derek Atkins wrote:
> > > Each realm needs to have its own logical KDC, but I believe you can
> > > run one "krb5kdc" process that serves multiple realms.  Note that this
> > > is implementation dependent.  The protocol doesn't really care, but an
> > > implementation may (or may not) limit you.
> > > 
> > > -derek
> > > 
> > > Austin Gonyou <austin at coremetrics.com> writes:
> > > 
> > > > After reading through the KRB5 installation and administration
> > > manuals,
> > > > it seems to me that each kerberos realm must have it's own KDC. Is
> > > that
> > > > in fact so, or is there a way to have multiple realms served my the
> > > same
> > > > KDC. 
> > > > 
> > > > We're facing some pretty crazy DNS changes soon, and it would affect
> > > the
> > > > kerberos rollout plan rather directly. TIA.
> > > > 
> > > > 
> > > > -- 
> > > > Austin Gonyou
> > > > Systems Architect, CCNA
> > > > Coremetrics, Inc.
> > > > Phone: 512-698-7250
> > > > email: austin at coremetrics.com
> > > > 
> > > > "It is the part of a good shepherd to shear his flock, not to skin
> > > it."
> > > > Latin Proverb
> > > > _______________________________________________
> > > > krbdev mailing list             krbdev at mit.edu
> > > > http://mailman.mit.edu/mailman/listinfo/krbdev
> > > 
> > > -- 
> > >        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > >        Member, MIT Student Information Processing Board  (SIPB)
> > >        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> > >        warlord at MIT.EDU                        PGP key available
> > -- 
> > Austin Gonyou
> > Systems Architect, CCNA
> > Coremetrics, Inc.
> > Phone: 512-698-7250
> > email: austin at coremetrics.com
> > 
> > "It is the part of a good shepherd to shear his flock, not to skin it."
> > Latin Proverb
> 
> -- 
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord at MIT.EDU                        PGP key available
-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com

"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb

More information about the krbdev mailing list