>This is part of what Windows does. Active Directory in Windows 2003 >allows you to provide the KDC multiple names. This allows you to make >the transition without requiring a flag day.
I hadn't really thought about it past the keying issues, but yow, that would be a hell of a flag day. From what I've seen, _no_ MIT (or Heimdal) Kerberos realm has ever renamed in any meaningful sense. This just illustrates why it's so important to choose the correct realm name the first time around. (I find it amazing not that someone at your site made such a bad decision to create two realms with the same name, but that you're not the first site to have done so :-/) --Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
