[1569] in Kerberos_V5_Development
Re: kdc.conf [realms] section
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Tue Aug 13 21:55:52 1996
Date: Tue, 13 Aug 1996 21:55:43 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: hartmans@MIT.EDU, raeburn@cygnus.com, krbdev@MIT.EDU
In-Reply-To: Barry Jaspan's message of Tue, 13 Aug 1996 12:57:41 -0400,
<9608131657.AA08964@DUN-DUN-NOODLES.MIT.EDU>

From an operational perspective, if you are maintaining a dual-realm
server (which I think is quite a reasonable expectation, especially if
Kerberos becomes much more popular than it is now), having kpropd fold
the contents of two realms' databases into one file is just scary;
especially if it ends up getting done dynamically and at different
times (consider if one realm is getting updated much more frequently
than another).

I know that from an operational standpoint, it's much more comforting to
have the two database files be completely separate. There will be times
when you will want to separate out the two realms' data --- suppose for
example the master has died, and you need to retrieve the backup from
one of the slaves; you *don't* want the extraneous fields from one of
the other realm's data.

- Ted