[16614] in Kerberos-V5-bugs
Re: [krbdev.mit.edu #8945] krb5kdc: the 32 realms limit
daemon@ATHENA.MIT.EDU (daemon@ATHENA.MIT.EDU)
Tue Sep 8 14:58:03 2020
From: "=?UTF-8?B?w5DClMOQwrjDkMK7w5HCj8OQwr0gw5DCn8OQwrDDkMK7w5DCsMORwoPDkMK3?=
=?UTF-8?B?w5DCvsOQwrI=?= via RT" <rt@krbdev.mit.edu>
In-Reply-To: <731d30bd4ecb71d6c2efa0d7db6abd435a9c2768.camel@aegee.org>
Message-ID: <rt-4.4.4-101636-1599591463-1622.8945-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8945":;
Date: Tue, 08 Sep 2020 14:57:43 -0400
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8945 >
Hello,
In my use case, all things shall go in a single Kerberos DataBase
(KDB), all under LDAP(kldap). Say it this way: I want to have many
users, and each user gets a separate domain. REALM=DOMAIN. So there
are many realms with very few users in each.
Greetings
Dilyan
On Tue, 2020-09-08 at 13:20 -0400, Greg Hudson via RT wrote:
> For your use case, would it be better to have a separate KDB for each
> realm
> (implying separate storage, propagation, and backup), or have one KDB
> to which
> realms could be added and removed?
>
> To answer one of your questions, if you ran two separate krb5kdc
> processes each
> with 31 -r options to get around the current 32-realm limitation,
> they would
> have to serve different ports.
>
>
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
