Nicolas Williams wrote:
On Fri, Jun 03, 2005 at 01:47:40PM -0500, Douglas E. Engert wrote:
Is this some gss implementation
imposed restriction?
An RPCSEC_GSS API issue.
What this means is that a kadmind can only serve a single realm.
We've never claimed to support more than one. IIRC neither has MIT, but
I'm sure someone will correct me if I'm wrong :)
OK... the MIT man page for krb5kdc says:
"The KDC may service requests for multiple realms (maximun 32 realms)"
and the man page for kadmind talks about serving multiple realms,
but I dont' see how it does.
Its not clear how much this is actually used, but someone
might run in to this problem. Our intent is it have the kdc and kadmind
server only one realm, and the server hosts will be in that realm.
so the chencking of the realm of the kadmind server host is not a real problem.
This looks like a Solaris bug to me.
And to me.
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
