Hi, I'm using MIT Kerberos on a Debian Lenny system. All Kerberos related info is stored in an LDAP DIT (realm was initialized by using kdb5_ldap_util).
Now I've created a second realm whose contents reside in the same DIT
since our machines will be moving to a new subnet and a different DNS
domain will be used as well.
Now I'm faced with two choices:
a) leave the principals where they are and use cross realm
authentication so that users can authenticate against both realms.
b) moving (and possibly renaming) all principals from the old realm to
the new one
Is b) possible at all and if so, does anybody have any scripts that
he/she is willing to share?
Are there any other important points to consider when moving
"kerberized" machines from one subnet/DNS domain to another (besides
the most obvious ones, like changing IP addresses/host names)?
Thanks in advance & kind regards,
Holger
signature.asc
Description: Digital signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
