In article <[EMAIL PROTECTED]>,
 "Kevin Coffman" <[EMAIL PROTECTED]> wrote:

> On 9/21/07, Jeffrey Altman <[EMAIL PROTECTED]> wrote:
> > John Harris wrote:
> > > Greetings,
> > >
> > > Does MIT's current implementation of the Kerberos KDC include
> > > incremental propagation?  I know it didn't a long time ago, then there
> > > were CITI patches for it, then those didn't work for a while.  I don't
> > > seem to be able to pinpoint an answer to it.
> > >
> > > Thanks,
> > >
> > > John
> > There is no incremental propagation distributed with MIT Kerberos.
> >
> > Jeffrey Altman
> 
> Our patch hasn't been ported forward to release 1.5 and beyond yet.
> With the new pluggable database interface, changes are necessary.  We
> haven't had the time to get to it yet.

We haven't taken ours to a recent release level yet either, but
for other reasons.  It would be interesting, if academic, to see
if our approach would work with 1.6 without changes.  I think it
would - it's quite trivial, we just siphon off data (who, what)
from every change kadmind makes, and some other local software
takes it and applies to peer KDCs.  One or more of which are
Microsoft domain controllers (but only the MIT KDCs can propagate
changes.)  We've been doing this for ca 8 years.

As for an LDAP solution, we've talked about this here before
(cf. "LDAP KDB".)  If you need an LDAP backend for some other
reason, that's one thing, but just for replication, I don't
think so.

   Donn Cave, [EMAIL PROTECTED]
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
