[36295] in Kerberos
Re: Replicated LDAP as backend
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Wed Jul 23 21:59:16 2014
Date: Wed, 23 Jul 2014 21:58:55 -0400 (EDT)
From: Benjamin Kaduk <kaduk@mit.edu>
To: Paul van der Vlis <paul@vandervlis.nl>
In-Reply-To: <lqp8qe$g38$1@ger.gmane.org>
Message-ID: <alpine.GSO.1.10.1407232157400.21571@multics.mit.edu>
Cc: kerberos@mit.edu

On Wed, 23 Jul 2014, Paul van der Vlis wrote:
> Hello,
>
> I am the administrator of a Kerberos system. The backend of Kerberos is
> LDAP. I use it for NFS home-directories and shares. Now there is a
> second location of the organisation, they would like to have the same
> system there.
>
> What I did is a replication of the LDAP to the new location, so the LDAP
> is read-only. And I've installed Kerberos with that LDAP as the backend.
> It seems to work. I create accounts on the old location and they are
> replicated to the new location. And I can use Kerberos on the new location.
>
> My question is: is this a good setup?
>
> A goal is that we want to be able to work even when there is no
> internet connection between both locations.

That should be a fine setup. The only thing that seems worth noting is
that the "old" Kerberos server (KDC) is the master KDC, so administrative
actions must be done against that site (and will not be possible from the
new location if there is no connection between the two locations).

-Ben Kaduk