On Wed, 23 Jul 2014, Paul van der Vlis wrote:

> Hello,
>
> I am the administrator of a Kerberos system. The backend of Kerberos is
> LDAP. I use it for NFS home-directories and shares. Now there is a
> second location of the organisation, they would like to have the same
> system there.
>
> What I did is a replication of the LDAP to the new location, so the LDAP
> is read-only. And I've installed Kerberos with that LDAP as the backend.
> It seems to work. I create accounts on the old location and they are
> replicated to the new location. And I can use Kerberos on the new location.
>
> My question is: is this a good setup?
>
> A goal is that we want to be able to work even when there is no
> internet connection between both locations.

That should be a fine setup. The only thing that seems worth noting is that the "old" Kerberos server (KDC) is the master KDC, so administrative actions must be done against that site (and will not be possible from the new location if there is no connection between the two locations).

-Ben Kaduk

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
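
Added example, not part of the original thread: a client-side `krb5.conf` for the new location that reflects the setup discussed above, with the local KDC serving tickets and administrative traffic pointed at the master. It assumes MIT Kerberos; the realm `EXAMPLE.ORG` and the host names `kdc-new.example.org` and `kdc-old.example.org` are hypothetical.

```ini
# /etc/krb5.conf on clients at the new location (MIT krb5 syntax assumed).
# EXAMPLE.ORG, kdc-new.example.org and kdc-old.example.org are hypothetical names.
[libdefaults]
    default_realm = EXAMPLE.ORG
    # Use only the KDCs listed below, not DNS SRV records.
    dns_lookup_kdc = false

[realms]
    EXAMPLE.ORG = {
        # Local KDC (backed by the read-only LDAP replica) is tried first,
        # so logins and NFS tickets keep working when the inter-site link is down.
        kdc = kdc-new.example.org
        # KDC at the old location as a fallback while the link is up.
        kdc = kdc-old.example.org
        # kadmin and password changes go to the master KDC at the old location;
        # they fail from this site while the link is down.
        admin_server = kdc-old.example.org
        # KDC to retry against when the local copy may be stale,
        # for example right after a password change.
        master_kdc = kdc-old.example.org
    }

[domain_realm]
    .example.org = EXAMPLE.ORG
```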
