suggestion for locating master kdc logic
Sam Hartman
hartmans at MIT.EDU
Mon Apr 9 08:16:53 EDT 2012
So, whether to go to a master KDC is a realm property. If your realm is
multi-master or otherwise has fairly good replication (iprop with the
default deflay doesn't count) then the master KDC concept is
problematic. Similarly, if different principals are homed at different
KDCs, then master KDC doesn't make sense.
So, whether it makes sense to go to a master KDC is a property of a
realm.
I don't think it makes sense to have a libdefault switch to set that
behavior because there's no general default.
So, I guess you could have a per-realm switch to specify whether to fall
back to admin_server for that realm, but why not just specify the master
KDC at that point.
--Sam
More information about the krbdev
mailing list