[5414] in Kerberos
Re: replacement for kprop?
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Thu Jun 22 21:38:55 1995
To: kerberos@MIT.EDU
Date: 23 Jun 1995 00:19:50 GMT
From: gwz@geek.ocsg.com ()
In article <3s2mq1$3im@usenet.ucs.indiana.edu>, hughes@logos.ucs.indiana.edu (Larry J. Hughes Jr.) writes:
|> In article <ojrSVWq00WCQFIulpb@andrew.cmu.edu>,
|> Derrick J. Brashear <db74+@andrew.cmu.edu> wrote:
|> >Has anyone considered any sort of means of replacing kprop, i.e.
|> >something where an entire database would not need to be propagated
|> >(probably at some point in time after password changes etc have already
|> >taken place) to something transaction based? My thoughts:
|>
|> I've modified our clients that touch the database (i.e. change
|> passwords, add principals) to contact both our master and slave
|> KDC. Then kprop is run in the wee hours once per day as a sanity
|> check.
|>
|> Rather much a pain, but it works a lot better than N kprops per day.
|>
|> (Before anyone asks, I'd share the code, but we don't use the stock
|> kpasswd or kadmin clients for ugly historical reasons I won't go in to.)
|>
|> ---
|> Larry J. Hughes, Jr. hughes@indiana.edu
|> Indiana University http://copper.ucs.indiana.edu/~hughes
--
!!!COMMERCIAL COMMERCIAL!!!
CyberSAFE Challenger (aka K5) has incremental database propagation built in to
the current beta. In the next _rea_ release, it will do away with master/slave
KDCs in favor of true peer-to-peer database updates.
!!!END COMMERCIAL!!!
~ gwz
Glen Zorn Senior Scientist Voice: 206-883-8721
gwz@cybersafe.com CyberSAFE Corporation FAX: 206-883-6951
Since I was forced to write it by the alien parasite which attached itself to
my brain stem during my recent visit to an isolated area of Northern Arizona,
it could hardly be construed that this message would reflect either the
opinions or the policies of my employer.
