Each Realm must have its own KDC?
Matt Crawford
crawdad at fnal.gov
Thu Mar 21 18:20:01 EST 2002
I've been running two realms for years with an overlapping, but not
identical, set of KDCs (all MIT-derived code). It so happens that
the master (admin server) for each realm serves that realm only, so I
can't say whether you can merge those.
Yes, two databases, two stanzas in kdc.conf.
Nope, same port, same process serves both.
[kdcdefaults]
    kdc_ports = 88,750
    kdc_warn_pwexpire = 30d

[realms]
    REALM.ONE = {
        database_name = /usr/krb5/var/krb5kdc/principal_main
        acl_file = /usr/krb5/var/krb5kdc/kadm5.acl
        kadmind_port = 749
        master_key_type = des-cbc-crc
        max_life = 26h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        admin_keytab = /usr/krb5/var/krb5kdc/kadm5.keytab
        dict_file = /usr/krb5/share/pw_dict
        supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
    }
    REALM.TWO = {
        database_name = /usr/krb5/var/krb5kdc/principal_test
        max_life = 1h 0m 0s
        max_renewable_life = 4h 0m 0s
        master_key_type = des-cbc-crc
        supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
    }
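
Added example, not part of the message above and not MIT krb5 code: a small audit of a multi-realm kdc.conf that confirms each realm stanza points at its own database file, as the setup described requires. It goes one step beyond the message by also flagging realms that offer only single-DES enctypes. The names parse_kdc_conf and audit are hypothetical, the sample file is constructed, and only flat "key = value" lines with one level of realm braces are handled.

```python
import re

# Constructed sample in kdc.conf syntax: one KDC process, two realm stanzas.
SAMPLE = """\
[kdcdefaults]
    kdc_ports = 88,750
[realms]
    REALM.ONE = {
        database_name = /usr/krb5/var/krb5kdc/principal_main
        supported_enctypes = des-cbc-crc:normal des-cbc-crc:v4
    }
    REALM.TWO = {
        database_name = /usr/krb5/var/krb5kdc/principal_test
        supported_enctypes = aes256-cts-hmac-sha1-96:normal
    }
"""

def parse_kdc_conf(text):
    """Return (defaults, realms) from the [kdcdefaults] and [realms] sections."""
    defaults, realms, section, realm = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):          # section header
            section, realm = m.group(1), None
        elif line == "}":                                   # end of realm stanza
            realm = None
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):    # start of realm stanza
            realm = realms.setdefault(m.group(1), {}) if section == "realms" else None
        elif m := re.fullmatch(r"(\S+)\s*=\s*(.*)", line):  # plain relation
            target = realm if realm is not None else defaults if section == "kdcdefaults" else None
            if target is not None:
                target[m.group(1)] = m.group(2)
    return defaults, realms

def audit(text):
    """Report realms that share a database file or offer only single-DES enctypes."""
    _, realms = parse_kdc_conf(text)
    findings, seen = [], {}
    for name, cfg in realms.items():
        db = cfg.get("database_name", "<default>")  # unset means the built-in default path
        if db in seen:
            findings.append(f"{name} shares database {db} with {seen[db]}")
        seen.setdefault(db, name)
        encs = [e.split(":")[0] for e in cfg.get("supported_enctypes", "").split()]
        if encs and all(e == "des" or e.startswith("des-") for e in encs):
            findings.append(f"{name} offers only single-DES enctypes")
    return findings
```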