Multiple Realm Question...
David E. Cross
david at wsg.net
Thu May 15 11:52:40 EDT 2008
.. Not entirely sure this is appropriate for krbdev... but it seems to
relate directly to the MIT codebase, and I haven't found any answers in
FAQs, etc..
I am looking to setup multiple realms on a single KDC, specifically the
"right" way to do this.
It _seems_ that the architecture is in place to do all of it with a
single database, all of the principals within the "principal" file have
their REALMs as part of the key, the per-realm secret is setup by
default to be .k5.REALM.. so it seems it can all share a single
database. However when I try to kdb5_util -r SECOND.REALM -s it dies
on an error that the principal database already exists.
Must I have multiple principal files? If so, why, it seems like a fair
bit of thought was put in place to allow sharing. If its just a limit
on creation (it seems to be), can I (should I) kdb5_util dump/load/merge
my way around it?
Thank you.
--
David E. Cross
More information about the krbdev
mailing list