[29003] in Kerberos
Re: Changing the KDC's hostname?
daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Wed Jan 9 23:30:09 2008
From: "Richard E. Silverman" <res@qoxp.net>
Date: 09 Jan 2008 23:21:01 -0500
Message-ID: <m263y2s442.fsf@darwin.oankali.net>
MIME-Version: 1.0
X-Complaints-To: abuse@speakeasy.net
X-DMCA-Complaints-To: abuse@speakeasy.net
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>>>> "RA" == Russ Allbery <rra@stanford.edu> writes:
RA> "bryan@virginia.edu" <catselbow@gmail.com> writes:
>> I'd like to change the hostname of my kdc, but I'm worried that
>> this will break kerberos. What steps should I take to ensure this
>> doesn't happen? I'm running MIT kerberos version 1.6.2 under
>> CentOS 5. I have a primary KDC and a backup KDC.
RA> As long as you update DNS SRV records and krb5.conf files
RA> accordingly, changing the hostname shouldn't be an issue. The
RA> Kerberos database itself doesn't care about the local hostname.
RA> -- Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
One possible side issue is kprop -- when you change the hostname you'll
have to authorize the new host principal to push the database to the
slaves (kpropd.acl).
--
Richard Silverman
res@qoxp.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
