[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kerberos
Subject:    Re: Mulltiple domains in one KDC process?
From:       "Rick van Rein (OpenFortress)" <rick () openfortress ! nl>
Date:       2013-10-17 14:57:48
Message-ID: AEC227B0-9E57-46AC-B3F9-B462AADF1DDB () openfortress ! nl
[Download RAW message or body]

Hi,

>> Still, this isn't dynamically configurable=85 is it the only way to do i=
t?
> =

> It's the only supported way to do it.

Perhaps that's a feature request then, at least for the LDAP-backed version=
s:

 - next -r to point to individual krbRealmContainer, have -R to point to a =
krbContainer containing a dynamic set
 - as part of [realms] specifying (with $REALM in various places) a generic=
 pattern for realms, and resolving this dynamically
 - load domain, KDC, adminserver etc. from LDAP

Since you don't sound as if this would be tasteless conduct -- does it soun=
d to you like a k5wiki-style "Project", or is it a "Welcome Patch"?

> The unsupported way [black magic]

=85sounds a no-go area for long-term stability, but thanks.

>> And will kadmin / kpasswd work?
> =

> We do not currently have multi-realm support for kadmind (and by
> extension, password-changes).  Each realm needs its own kadmind running
> on a different port.


A bit awkward, but less problematic, since that is internal stuff -- where =
IP's are not in such tight supply.  Yes, IPv6, I know :-)

Thanks,
 -Rick
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]