|
Hi Monica,
as far as i understood it, changes in krb5.conf
take affect immediatly. This is a Client side konfiguration file, which is used
by kinit and other "kerberized" applikations.
You can make a dump of the slave kdc manually and
load it in the master kdc by hand. This is no problem. Even creating a new
master kdc is possible. Maybe you have to create the kadmin-keytabs and the
stash-file again, but that is no problem.
Kerberos uses the system time. so you need to have
an external way to get your system times synchronised, like an
ntp-server.
Klaas
----- Original Message -----
Sent: Monday, July 29, 2002 7:12 PM
Subject: Few quick questions
Hi all,
I'm very new to Kerberos, and I have some general questions below.
Any suggestions is greatly appreciated. Thanks for your time and help!
1. In the krb5.conf file, I can specify the clock skew and ticket lifetime
times. If I want to change these values after the kdc is already
running, do I need to restart the kdc? Ithere some way that the kdc
would read these values dynamically and take note of these changes?
2. Can slave KDC propagate its database back to the master KDC? Let's
say that the master KDC goes down and the administrator makes changes to
the slave KDC database. Now before we restart the master KDC,
we want to update its database with the changes. Is it possible for
slave KDC to propagate its database back to master?
3. How do I set the KDC time? Is there some kadmin options to do
this?
Thanks,
Monica
Do You Yahoo!?
Yahoo! Health
- Feel better, live better
| 