Re: Multiple realms on one KDC

[GOMBAS Gabor <gombasg@inf.elte.hu>]

On Mon, Aug 26, 2002 at 03:24:57PM -0600, Tillman Hodgson wrote:

> What is safe to share between /usr/libexec/kdc invocations if I wanted
> to simply use the --addresses= command-line option to put the different
> realms on different IP aliases (or is this even the right approach?)

It is one possible approach. The other possible approach is to have one
KDC instance serve multiple domains.

I attached a patch which you might find useful for both approaches:

- Every tool & daemon has a '-config-file' option for the location of
  kdc.conf
- Every tool & daemon can correctly parse and use multiple database
  definitions in kdc.conf
- You can specify the realm to use for hpropd
- Handling of 'ports' and 'addresses' parameters are unified for all the
  daemons; both parameters can be set either on the command line or in
  kdc.conf
- Server-side sections (such as [logging] and [password-quality]) have
  been moved from krb5.conf to kdc.conf

The patch is against 0.4e. It might be a bit dusty (I did it more than
half a year ago), but I hope it works.

Gabor

-- 
Gabor Gombas                                       Eotvos Lorand University
E-mail: gombasg@inf.elte.hu                        Hungary

heimdal.diff.gz