preauth plugin configuration issues

Tim Mooney mooney at
Sat Mar 3 19:50:23 EST 2007

In regard to: Re: preauth plugin configuration issues, Sam Hartman said (at...:

>    Nicolas> Kevin, since MIT krb5 does not currently support more
>    Nicolas> than one realm per-KDC I think you can simply note the
>    Nicolas> problem and move on.  Multi-realm per-KDC support can be
>    Nicolas> put on the list for, say, 1.8.
> We used to support more than one realm per KDC the way Kevin is
> talking about.  I personally don't think it works, and if that's true,
> I agree Kevin should ignore it.  However Ken thinks it does still
> work.  We have not verified yet.

It seems to be working for us.  We're running 11 realms with one KDC
process using Red Hat 4's 1.3.4-33 packages.  We previously ran the
exact same config with their 1.2.x packages under RHEL 3.

We weren't aware that MIT had deprecated that type of configuration.
We would be sorry to see it go -- we would need to use up 10 more IPs
than we currently are to manage the same config, as I don't
think we could get away with running the different KDCs on different
ports.  That works fine for kadmind, but it's problematic for the KDC.

Tim Mooney                              mooney at
Information Technology Services         (701) 231-1076 (Voice)
Room 242-J6, IACC Building              (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164

More information about the krbdev mailing list