[24000] in Kerberos
Re: Using Solaris 10 kadmin with MIT 1.4.1 kadmind
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Fri Jun 3 15:22:09 2005
Message-ID: <42A0AC79.2070606@anl.gov>
Date: Fri, 03 Jun 2005 14:16:09 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Nicolas Williams <Nicolas.Williams@sun.com>
In-Reply-To: <20050603185535.GL27456@binky.Central.Sun.COM>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: "'kerberos@mit.edu'" <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
Nicolas Williams wrote:
> On Fri, Jun 03, 2005 at 01:47:40PM -0500, Douglas E. Engert wrote:
>
>> Is this some gss implementation
>>imposed restriction?
>
>
> An RPCSEC_GSS API issue.
>
>
>>What this means is that a kadmind can only serve a single realm.
>
>
> We've never claimed to support more than one. IIRC neither has MIT, but
> I'm sure someone will correct me if I'm wrong :)
OK... the MIT man page for krb5kdc says:
"The KDC may service requests for multiple realms (maximun 32 realms)"
and the man page for kadmind talks about serving multiple realms,
but I dont' see how it does.
Its not clear how much this is actually used, but someone
might run in to this problem. Our intent is it have the kdc and kadmind
server only one realm, and the server hosts will be in that realm.
so the chencking of the realm of the kadmind server host is not a real problem.
>
>
>>This looks like a Solaris bug to me.
>
>
> And to me.
>
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
