In my use case, all things shall go in a single Kerberos DataBase
(KDB), all under LDAP(kldap). Say it this way: I want to have many
users, and each user gets a separate domain. REALM=DOMAIN. So there
are many realms with very few users in each.
On Tue, 2020-09-08 at 13:20 -0400, Greg Hudson via RT wrote:
> For your use case, would it be better to have a separate KDB for each
> (implying separate storage, propagation, and backup), or have one KDB
> to which
> realms could be added and removed?
> To answer one of your questions, if you ran two separate krb5kdc
> processes each
> with 31 -r options to get around the current 32-realm limitation,
> they would
> have to serve different ports.