krb5_sname_to_principal or LDAP/SASL/GSSAPI and reverse DNS
Nicolas Williams
Nicolas.Williams at sun.com
Tue Apr 8 18:58:54 EDT 2003
On Tue, Apr 08, 2003 at 06:17:48PM -0400, Sam Hartman wrote:
> Nico, I can think of complex solutions to the problem too. I'm not at
> all convinced that clusters should share principals for the reasons I
> outlined in mail to Paul.
A shared filesystem based shared replay cache is not farfetched. A
shared replay cache provider is.
Anyone doing any take-over-the-identity-and-resources sort of high
availability with protocols that use Kerberos will have to deal with
this replay cache clustering problem anyways.
Supporting shared filesystem based shared replay caches is just a matter
of correctly resolving acceptor principal names to replay cache names/paths.
Cheers,
Nico
--
More information about the krbdev
mailing list