Each Realm must have its own KDC?
Austin Gonyou
austin at coremetrics.com
Thu Mar 21 19:15:01 EST 2002
Doods..Thanks so much. You all have been very helpful. My Sunday should
go much better than I originally planned! :)
On Thu, 2002-03-21 at 17:19, Matt Crawford wrote:
> I've been running two realms for years with an overlapping, but not
> identical, set of KDCs (all MIT-derived code). It so happens that
> the master (admin server) for each realm serves that realm only, so I
> can't say whether you can merge those.
>
> Yes, two databases, two stanzas in kdc.conf.
>
> Nope, same port, same process serves both.
>
>
> [kdcdefaults]
> kdc_ports = 88,750
> kdc_warn_pwexpire = 30d
>
> [realms]
> REALM.ONE = {
> database_name = /usr/krb5/var/krb5kdc/principal_main
> acl_file = /usr/krb5/var/krb5kdc/kadm5.acl
> kadmind_port = 749
> master_key_type = des-cbc-crc
> max_life = 26h 0m 0s
> max_renewable_life = 7d 0h 0m 0s
> admin_keytab = /usr/krb5/var/krb5kdc/kadm5.keytab
> dict_file = /usr/krb5/share/pw_dict
> supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
> }
> REALM.TWO = {
> database_name = /usr/krb5/var/krb5kdc/principal_test
> max_life = 1h 0m 0s
> max_renewable_life = 4h 0m 0s
> master_key_type = des-cbc-crc
> supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
> }
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com
"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb