[7230] in Kerberos
Clarification of philosophy ...
daemon@ATHENA.MIT.EDU (Chris Marshall)
Mon May 6 17:16:52 1996
Date: Mon, 6 May 1996 16:49:29 -0400 (EDT)
From: Chris Marshall <cmarsh01@west.poly.edu>
To: kerberos@MIT.EDU
I am installing krb5 in a university setting in a development lab. The
lab consists of six machines, and all have the same domain as everyone else
(.poly.edu).
What I don't want to happen is for <kdlserver1>.poly.edu to be the
kerberos realm server for the all machines in the entire .poly.edu
domain. Just for these six machines. In the krb5.conf file under
[domain_realm] I listed each of the six hosts and specifically set each
equal to the realm I created for this lab.
What happens if I don't indicate a domain to realm translation, and leave
it just with host to realm translations? Or if I do indicate .poly.edu =
MYKRB.REALM, will this server get hit with a bunch of requests that it
can't answer for? Will it just turn people away, or is there some kind of
resource drain?
I have already made a suggestion that these six machines be subdomained
(.kdl.poly.edu), but until that happens, what is the impact?
Thanks for any assistance you can provide.
Chris
