[23801] in Kerberos
Re: Multiple realms
daemon@ATHENA.MIT.EDU (Kenneth Grady)
Mon May 2 12:07:35 2005
From: Kenneth Grady <klg@lanl.gov>
To: Thomas Bolioli <tpblists@terranovum.com>, kerberos@mit.edu
In-Reply-To: <426FF457.9050300@terranovum.com>
Message-Id: <1114696964.3785.71.camel@grady.lanl.gov>
Date: Thu, 28 Apr 2005 08:02:44 -0600

You can have multiple realms on the same KDC. When you start krb5kdc you
need the "-r realm1 -r realm2" flag. To set up the multiple realms you
can run krb5_util create for realm1 (see kdc.conf), then krb5_util dump
realm1.file, krb5_util destroy realm1, modify kdc.conf for realm2,
krb5_util create realm2, krb5_util load -update realm1.file; then you
will have realm1 and realm2 in one database.

There is a small problem adding entries to realm1: you need to run
"kadmin.local -r realm1"; entries for realm2 can be added with just
"kadmin.local".

On Wed, 2005-04-27 at 14:21, Thomas Bolioli wrote:
> Do multiple realms require multiple kdc's and if so, does that mean I
> will need to have multiple ports open for those if the KDCs all exist on
> the same machine? I realize I will need to do cross realm with this
> setup but that should be trivial by setting up the trust in the KDC. Are
> there any issues with this setup I may be missing?
> Thanks,
> Tom
>
> ______________________________________________________________________
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos