> > Marcio> Since we have a multi-realm KDC and in real life the same > Marcio> people will manage those realms, I'd like to give permissions > Marcio> to the same principal and if possible I wouldn't like > Marcio> create user/admin@REALM1, user/admin@REALM2. I just want to > Marcio> insert a entry for user/admin@REALM1 in kadm5.acl file > Marcio> for each domain. > > Since realms generally define administrative boundaries, have you > considered a single realm?
Yes, in general realms and domains matches administrative regions, but we work with other questions, like: - current domain structures for other services (dns for instance) - number of objects - expectations for future delegations Taking them (and other) in account, we think we would have a chaotic scenario with all objects inside one big and monolithic realm. ------------------------------------------------------------------------------ Marcio d'Avila Scheibler - Divisao de Suporte ([EMAIL PROTECTED]) Centro de Processamento de Dados - Campus Universitario - CEP 97105-900 Universidade Federal de Santa Maria - RS - Brasil ============================================================================= ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
