[1543] in Kerberos_V5_Development
Re: kdc.conf [realms] section
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Mon Aug 12 22:50:33 1996
To: krbdev@MIT.EDU
From: Ken Raeburn <raeburn@cygnus.com>
Date: 12 Aug 1996 22:50:18 -0400
In-Reply-To: "Barry Jaspan"'s message of Mon, 12 Aug 1996 12:00:13 -0400
> Well, I certainly don't care. :-) How often is it that a site wants
> to support multiple realms from the same KDC *and* cares that the
> databases are stored in separate files?
One occurs to me right away -- one server acting as slave for one
realm and master KDC/admin server for another. You want to be able to
replace one realm's data while not interfering with the other at all.
The solutions I see to this are:
* permit one KDC to use multiple database files
* take kadmind offline for each kprop run; dump the database, merge, reload
* run two KDCs on two ports with different config files -- basically
two independent KDCs happening to run on one host
Personally, I'd prefer the first option.
