[krbdev.mit.edu #8945] krb5kdc: the 32 realms limit


Greg Hudson via RT-3

<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8945 >

For your use case, would it be better to have a separate KDB for each realm
(implying separate storage, propagation, and backup), or have one KDB to which
realms could be added and removed?

To answer one of your questions, if you ran two separate krb5kdc processes each
with 31 -r options to get around the current 32-realm limitation, they would
have to serve different ports.


_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Re: [krbdev.mit.edu #8945] krb5kdc: the 32 realms limit

Greg Hudson via RT-3

<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8945 >

Hello,

In my use case, all things shall go in a single Kerberos DataBase
(KDB), all under LDAP (kldap).  Say it this way: I want to have many
users, and each user gets a separate domain.  REALM=DOMAIN.  So there
are many realms with very few users in each.

Greetings
  Dilyan

On Tue, 2020-09-08 at 13:20 -0400, Greg Hudson via RT wrote:

> For your use case, would it be better to have a separate KDB for each realm
> (implying separate storage, propagation, and backup), or have one KDB to which
> realms could be added and removed?
>
> To answer one of your questions, if you ran two separate krb5kdc processes each
> with 31 -r options to get around the current 32-realm limitation, they would
> have to serve different ports.

