[36300] in Kerberos
Re: Replicated LDAP as backend
daemon@ATHENA.MIT.EDU (Robert Wehn)
Fri Jul 25 02:36:10 2014
In-Reply-To: <53D18C9A.3000408@vandervlis.nl>
MIME-Version: 1.0
From: Robert Wehn <robert.wehn@rz.uni-augsburg.de>
Date: Fri, 25 Jul 2014 08:35:38 +0200
To: Paul van der Vlis <paul@vandervlis.nl>, kerberos@mit.edu
Message-ID: <b2990f13-e02e-4081-bd83-33940edc909c@email.android.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On July 25, 2014 12:45:46 AM CEST, Paul van der Vlis <paul@vandervlis.nl> wrote:
>op 24-07-14 19:16, Robert Wehn schreef:
>>
>> Am 24.07.2014 11:44, schrieb Paul van der Vlis:
>The command I give is to download a key, not to change anything.
>But maybe it tries to write something too, no idea.
As you see in Thomas' answer it seems to do so
>Does it make sence to run krb5-admin-server at the slave-kdc server on
>the new location or is it better to stop this service?
I'm not sure if the kadmin server on the slave site can be configured to make the changes on the master site. If not I would turn it off.
>I think it's a good idea to change the "admin_server" setting in
>/etc/krb5.conf on the new location to the server at the old location.
>Correct?
In my opinion: yes. And also the kpasswd server.
If you publish the servers in DNS also change the corresponding SRV records.
Regards, Robert.
--
Dr. Robert Wehn ........................ http://www.rz.uni-augsburg.de
Universität Augsburg, Rechenzentrum ............. Tel. (0821) 598-2047
86135 Augsburg .................................. Fax. (0821) 598-2028
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
