[27194] in Kerberos
Re: "If you choose to install a stash file..."
daemon@ATHENA.MIT.EDU (Daniel Kahn Gillmor)
Wed Jan 10 00:52:30 2007
Message-ID: <17828.32498.166285.783833@squeak.fifthhorseman.net>
Date: Wed, 10 Jan 2007 00:51:46 -0500
To: kerberos@mit.edu
In-Reply-To: <200701050056.l050udF3009754@ginger.cmf.nrl.navy.mil>
From: Daniel Kahn Gillmor <dkg-mit.edu@fifthhorseman.net>

Sorry to be late for this discussion of the stash file.

In addition to needing to enter a passphrase to launch krb5kdc (with
the -m option), it looks like kdb5_util will also need a passphrase,
understandably.

This means that the traditional cronjob-triggered kprop -> kpropd
replication won't work either, right?

Any suggestions for how to do speedy, automatic replication between
stashless KDCs?

I've got GSSAPI-enabled ssh functioning, so I was considering just
moving the entire principal.* fileset across the network with rsync,
but I'm not sure what would be necessary for the slave kdc to notice
that its database has been changed. Can I send a SIGHUP or something
similar to get it to rescan, without needing to enter the master key
by hand again?

Is there some other method I could use to have a replicated, stashless
krb5 domain?

Thanks for any suggestions you might have,

--dkg