[krbdev.mit.edu #8945] krb5kdc: the 32 realms limit

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[krbdev.mit.edu #8945] krb5kdc: the 32 realms limit

Greg Hudson via RT

Mon Sep 07 10:37:14 2020: Request 8945 was acted upon.
 Transaction: Ticket created by [hidden email]
       Queue: krb5
     Subject: krb5kdc: the 32 realms limit
       Owner: Nobody
  Requestors: [hidden email]
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8945 >


https://web.mit.edu/kerberos/krb5-1.18/doc/admin/admin_commands/krb5kdc.html says:


The -r realm option specifies the realm for which the server should
provide service. This option may be specified multiple times to serve
multiple realms. If no -r option is given, the default realm (as
specified in krb5.conf) will be served.

The KDC may service requests for multiple realms (maximum 32 realms).
The realms are listed on the command line. Per-realm options that can
be specified on the command line pertain for each realm that follows it
and are superseded by subsequent definitions of the same option.


• If krb5.conf defines 62 realms, can I run two instances of krb5kdc,
each with 31 -r parameters, to cover all realms?  The answer shall be
evident from the documentation.

• Please extend krb5kdc, so that a single instance can handle unlimited
amount of realms

• Please add means to krb5kdc to serve all configured realms in
kdc.conf, without the need to create -r for each realm

• In the meantime, move in the documentation above the 32-limitation
from the Example section to the Options section.


krb5-bugs mailing list
[hidden email]