
Two Heimdal KDCs with OpenLDAP backend



I have the following setup:

KDC with OpenLDAP backend
Samba with same OpenLDAP backend
Password Syncing through smbk5pwd

I want to add a second server to the network for high availability and
faster auths for a distant portion of the network.

Can I set up the second server as:
KDC with OpenLDAP backend
Samba Backup Domain Controller with OpenLDAP
Password Syncing through smbk5pwd

I want to set up OpenLDAP in multi-master mode.  If I do this though, I
have a problem because Heimdal will attempt to sync passwords across the
KDCs using its system, and OpenLDAP will also try to sync using the
multi-master replication.

Can I just turn off Heimdal's syncing (not even install it), just
install the second KDC as if I wasn't going to sync it at all, and then
let OpenLDAP keep the database in sync?

Is all that the KDCs need from each other stored in that LDAP backend, or
will there be stuff missing?

Cheers,

-- Scott