[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Multiple realms on one KDC


I'm investigating the "right" way to host multiple realms off of a
single Kerberos key server.

Under FreeBSD, I can replicate the system in a "jail" with it's own IP
and run seperate KDC's on the same physicallysecured box. This seems to
be overkill to me.

What is safe to share between /usr/libexec/kdc invocations if I wanted
to simply use the --addresses= command-line option to put the different
realms on different IP aliases (or is this even the right approach?)

Can krb5.conf and the krb5.keytab be shared? Can the log file be shared?

Thanks for the help,

- Tillman

"I'd like to see distributing timesharing, so that all these people with
*way* too much time on their hands could donate some to us people with
sensible projects to complete but not enough time."
	- Anonymous Coward posting on Slashdot