[5403] in Kerberos
Re: replacement for kprop?
daemon@ATHENA.MIT.EDU (Larry J. Hughes Jr.)
Sun Jun 18 22:36:53 1995
To: kerberos@MIT.EDU
Date: 19 Jun 1995 02:18:41 GMT
From: hughes@logos.ucs.indiana.edu (Larry J. Hughes Jr.)
In article <ojrSVWq00WCQFIulpb@andrew.cmu.edu>,
Derrick J. Brashear <db74+@andrew.cmu.edu> wrote:
>Has anyone considered any sort of means of replacing kprop, i.e.
>something where an entire database would not need to be propagated
>(probably at some point in time after password changes etc have already
>taken place) to something transaction based? My thoughts:
I've modified our clients that touch the database (i.e. change
passwords, add principals) to contact both our master and slave
KDC. Then kprop is run in the wee hours once per day as a sanity
check.
Rather much a pain, but it works a lot better than N kprops per day.
(Before anyone asks, I'd share the code, but we don't use the stock
kpasswd or kadmin clients for ugly historical reasons I won't go in to.)
---
Larry J. Hughes, Jr. hughes@indiana.edu
Indiana University http://copper.ucs.indiana.edu/~hughes
