[1557] in Kerberos_V5_Development
Re: kdc.conf [realms] section
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Aug 13 15:10:49 1996
Date: Tue, 13 Aug 1996 15:10:42 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: raeburn@cygnus.com
Cc: hartmans@MIT.EDU, krbdev@MIT.EDU
In-Reply-To: <tx1g25rdsdm.fsf@cygnus.com> (message from Ken Raeburn on 13 Aug
1996 14:57:25 -0400)
> One occurs to me right away -- one server acting as slave for one
> realm and master KDC/admin server for another.
>
>Hmmm. When would this arrangement actually be used?
If I wanted a realm for RAEBURN.ORG...
Exactly. *If* you wanted a realm RAEBURN.ORG, you *might* set it up
that way.
Do you have a RAEBURN.ORG? Are you likely to in the foreseeable
future? Are more than five other people in the world likely to want
this configuration? Are there already thorough tests for KDC support
of multiple database files? If we modify kadm5 to support multiple
databases, are we going to implement automated tests for it and run
them regularly? Are we going to document it fully? Is this feature
more important than the long list of other improvements that krb5
needs?
I assert that the answer to every one of those questions is "no."
Sure, we *could* do it, and we can *imagine* a scenario where it would
be useful (or maybe just fun), but so far no one has suggested a
decent reason why it is necessary. The Kerberos source code is
already 21M, the system is way too big to handle reliably, and IMHO
this feature just isn't worth its cost.
Barry