Multiple Realm Question...

Tim Mooney mooney at dogbert.cc.ndsu.NoDak.edu
Thu May 15 17:37:40 EDT 2008


In regard to: Re: Multiple Realm Question..., David E. Cross said (at...:

> So, I started by playing it safe and having 2 separate directories.
> This mostly worked.  The issue was that kadmind doesn't seem to like to
> have 2 principal databases with 2 private keys (stash files), and 2
> keytabs.  I would get inconsistent errors trying to "kadmin -r REALM1"
> or "kadmin -r REALM2".

We've served multiple realms from one host for several years.  What's
worked for us is:

- one kdc process serving multiple separate databases, in multiple
   separate directories.

- a kadmind process for each realm.  kadmind obviously needs to listen
   on different ports for different realms, if you only have one IP address
   associated with the box.

- on any secondary servers, one kpropd for each realm, also each on a
   separate port.


I've posted information on how to set this up previously, and someone else
has done a more thorough "How To" guide on the same process.  Do some
searching (don't forget to search Usenet groups, as it was probably posted
to the "general use" mailing list, which is gatewayed to a newsgroup)
and you should turn up the necessary info on how to do this.

Tim
-- 
Tim Mooney                              mooney at dogbert.cc.ndsu.NoDak.edu
Information Technology Services         (701) 231-1076 (Voice)
Room 242-J6, IACC Building              (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
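
The layout described in the message above can be sanity-checked before the daemons are started. The following is an added example, not code from this thread or from the Kerberos distribution: a Python check that every realm in a kdc.conf sets its own database, stash file, keytab and kadmind port. The realm names, paths, ports and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

PER_REALM = ("database_name", "key_stash_file", "admin_keytab", "kadmind_port")
# Constructed kdc.conf; realm names, paths and ports are assumptions.
SAMPLE_KDC_CONF = """
[realms]
    REALM1.EXAMPLE = {
        database_name = /var/krb5kdc/realm1/principal
        key_stash_file = /var/krb5kdc/realm1/.k5.REALM1.EXAMPLE
        admin_keytab = /var/krb5kdc/realm1/kadm5.keytab
        kadmind_port = 749
    }
    REALM2.EXAMPLE = {
        database_name = /var/krb5kdc/realm2/principal
        key_stash_file = /var/krb5kdc/realm2/.k5.REALM2.EXAMPLE
        admin_keytab = /var/krb5kdc/realm2/kadm5.keytab
        kadmind_port = 750
    }
"""

def parse_realms(text):
    """Return {realm: {setting: value}} for the [realms] section only."""
    realms, section, current = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, current = m.group(1), None
        elif section != "realms" or not line or line.startswith("#"):
            continue
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
            current = realms.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            current[key] = value
    return realms

def find_conflicts(realms):
    """Flag PER_REALM settings that a realm leaves unset or shares with another."""
    problems, seen = [], defaultdict(list)
    for realm, cfg in realms.items():
        for key in PER_REALM:
            if key in cfg:
                seen[(key, cfg[key])].append(realm)
            else:
                problems.append(f"{realm}: {key} not set explicitly")
    problems += [f"{k} = {v} shared by {', '.join(r)}" for (k, v), r in seen.items() if len(r) > 1]
    return problems
```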



More information about the krbdev mailing list