In regard to: Re: Migrating a Kerberos Realm, Ken Raeburn said (at 8:23pm...:
> You can, but you have to write the config files to specify different > port numbers for them. (The code doesn't currently support using > only some of a machine's IP addresses, if you wanted to put one on > one address and one on another.) The code theoretically supports > serving multiple realms out of one KDC process, too, but we don't > test that functionality often. I'd be interested in any observations > if you try it. We've done that (one KDC process serving 11 realms) for years. It's worked very well for us. You have to run separate instances of kadmind on the master, which means running them on different ports. Propagation from the master to the secondary(ies) also requires just a bit of extra config (the kpropds on the secondary need to run on distinct ports), but it too is possible. Tim -- Tim Mooney [EMAIL PROTECTED] Information Technology Services (701) 231-1076 (Voice) Room 242-J6, IACC Building (701) 231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
