[3058] in Kerberos
Dependencies on IP addresses
daemon@ATHENA.MIT.EDU (Davies)
Thu Mar 31 13:18:01 1994
From: bbh7rqj@if000353.bell-atl.com (Davies)
To: kerberos@MIT.EDU
Date: Thu, 31 Mar 94 12:57:22 EST
Reply-To: Christopher.I.Davies@Bell-Atl.Com
We are considering changing our kerberos master from one machine
to another (let's say MASTER1 is our current server and we want to
move everything to MASTER2). I think the easiest solution would be
to set up MASTER2 identically to MASTER1 (copy the database, etc.)
and then "steal" MASTER1's machine name.
MASTER2 will now be called MASTER1 and we will take MASTER1 off the
network. This scheme (stealing the old master server's name) seems
easiest given the fact that we have hundreds of kerberized
workstations and servers.
Alternately, if we used a new machine name for the admin server
we would then have to change /etc/krb.conf on all machines to point to
the new server -- seems like a lot of unnecessary work. Not
to mention that we need to recompile the code that has the admin server
hard-coded into it (like kadmin & kpasswd).
Ultimately, my question is: Will this scenario work? Are there any
ties to the IP address of the admin server (MASTER1 will have a
different IP address than MASTER2). Any other problems to consider?
PS: Why do some programs such as kadmin and kpasswd have the admin
server name hard-coded in them instead of reading /etc/krb.conf?
Thanks for your help!
Chris.
--
*******************************************************************************
Chris Davies e-mail: Christopher.I.Davies@bell-atl.com
Information Higway District Voice: (301) 989-4111
Bell Atlantic Fax: (301) 989-3945
******************************************************************************
