[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re: Mulltiple domains in one KDC process?
From: "Rick van Rein (OpenFortress)" <rick () openfortress ! nl>
Date: 2013-10-17 14:57:48
Message-ID: AEC227B0-9E57-46AC-B3F9-B462AADF1DDB () openfortress ! nl
[Download RAW message or body]
Hi,
>> Still, this isn't dynamically configurable=85 is it the only way to do i=
t?
> =
> It's the only supported way to do it.
Perhaps that's a feature request then, at least for the LDAP-backed version=
s:
- next -r to point to individual krbRealmContainer, have -R to point to a =
krbContainer containing a dynamic set
- as part of [realms] specifying (with $REALM in various places) a generic=
pattern for realms, and resolving this dynamically
- load domain, KDC, adminserver etc. from LDAP
Since you don't sound as if this would be tasteless conduct -- does it soun=
d to you like a k5wiki-style "Project", or is it a "Welcome Patch"?
> The unsupported way [black magic]
=85sounds a no-go area for long-term stability, but thanks.
>> And will kadmin / kpasswd work?
> =
> We do not currently have multi-realm support for kadmind (and by
> extension, password-changes). Each realm needs its own kadmind running
> on a different port.
A bit awkward, but less problematic, since that is internal stuff -- where =
IP's are not in such tight supply. Yes, IPv6, I know :-)
Thanks,
-Rick
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic