[3425] in Kerberos
Re: removing users from the kerberos database
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Thu Jun 16 17:43:13 1994
To: hughes@logos.ucs.indiana.edu (Larry J. Hughes Jr.)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "Wed, 15 Jun 1994 12:38:42 GMT."
<CrFv4I.8rI@usenet.ucs.indiana.edu>
Date: Thu, 16 Jun 1994 17:25:34 -0400
From: "Jon A. Rochlis" <jon@cam.ov.com>
#There is no problem with doing a "kdb_util load" while the KDC is
#running. This is how the slaves are updated. "kdb_util load" builds
#another dbm database and plays the rename game. The Kerberos server
#is on the lookout for the database changing out from underneath it.
Including kadmind, so nobody can change passwords?
You're right. You should shut down the admin server while doing the
kdb_util load, but you don't need to shut down the kerberos server.
Denying password changes/new user registrations isn't as bad as
denying ticket requests.
-- Jon
