On Sep 21, 2007, at 16:08, John Hascall wrote: > I haven't studied it all that extensively, > so correct me if I am wrong, but with the > new "DAL" stuff there is now an opportunity > to do a 'proper' job of multi-master KDCs > (dare I say it) in a "ubik-like" or "AD-like" > manner.
Yes, that's exactly right. At least, in theory; I haven't tried it. Using the LDAP back end -- ah, as I see Nico was just saying -- will get you a common database shared across the KDCs, and leaves the replication mechanism, if any, to the LDAP administrator. Building something on Ubik might be a possibility. I'm not that familiar with it beyond "oh, that thing in AFS", but if it meets the performance requirements for a KDC, yes, it could work. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
