Changing the KDC search base dynamically
Shani Ranasinghe
shanira14 at gmail.com
Wed Dec 4 00:40:06 EST 2013
Hi,
I am a newbie to Kerberos.
I have a set up where the realm (YYY.ORG) has many OU's (an OU for a
tenant). The structure is as follows
|_dc=yyy,dc=org
|_ou=Groups
|_u=Users
|_ou=kkk.com
|_ou=groups
|_ou=users
Currently when starting up the KDC the search base is sent as a hard coded
string, and it send ou=Users,c=yyy,dc=org as the search base. I need to
change the search base to ou=users,ou=kkk.com,dc=yyy,dc=org, after the KDC
has been started, and without restarting the KDC. Can I do this by maybe a
client side configuration file(krb5.conf?)? I need to change this everytime
I do a Kinit to get the TGT.
Appreciate any help.
Thank you,
Shani Ranasinghe
More information about the krbdev
mailing list