I am attempting to execute a migration from an older Krb5 system to a new Krb5 - eDirectory system. (2 different KDCs)

I am having trouble determining the best option for the clients to respect the new realm. Is it possible to have multiple krb5 Realms within the same DNS Domain and have the clients respect the difference?

So far, it appears that I have the following options:

0. Change the DNS Domain name suffix for newly migrated hosts.
1. Create/Designate hierarchical DNS Sub-domains, migrate each system in each sub-domain in bulk. <- Add lines to every client krb5.conf to recognize the split.
2. Add thousands of lines to every client's krb5.conf file to map every single migrated host to the new realm.
3. Use dns_lookup_realm in the clients' krb5.conf file <This appears to be very broken and documented on a few mailing lists>

Can anyone confirm this list is complete, or suggest an alternative solution to migrate the hosts while allowing the clients to respect both Realms simultaneously?

Jr Aquino | Information Security Engineer
Citrix Online Division
Citrix Systems, Inc.
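The following is an added example, not part of the original post: a simplified model of the `[domain_realm]` lookup that options 1 and 2 rely on, showing how a per-host entry and a sub-domain entry override a domain-wide entry inside one DNS domain. The realm names, host names and the functions `parse_domain_realm` and `host_to_realm` are constructed for illustration, and the lookup order (exact host name first, then each parent domain) is a sketch of the MIT krb5 client behaviour, not its source code.

```python
# Constructed krb5.conf fragment: two realms sharing the DNS domain example.com.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = OLD.EXAMPLE.COM

[domain_realm]
    # Domain-wide entry: hosts not yet migrated stay in the old realm
    .example.com = OLD.EXAMPLE.COM
    example.com = OLD.EXAMPLE.COM
    # Option 1: a sub-domain migrated in bulk
    .new.example.com = NEW.EXAMPLE.COM
    # Option 2: one migrated host that keeps its name in the shared domain
    app01.example.com = NEW.EXAMPLE.COM
"""


def parse_domain_realm(conf_text):
    """Return the [domain_realm] section as a dict with lower-cased keys."""
    mapping, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping


def host_to_realm(hostname, mapping):
    """Most specific entry wins: exact host name, then each parent domain."""
    name = hostname.lower().rstrip(".")
    while name:
        if name in mapping:
            return mapping[name]
        if name.startswith("."):
            name = name[1:]                         # ".example.com" -> "example.com"
        else:
            dot = name.find(".")
            name = name[dot:] if dot != -1 else ""  # "a.example.com" -> ".example.com"
    return None  # no static mapping; the client would use its other fallbacks


if __name__ == "__main__":
    realms = parse_domain_realm(SAMPLE_KRB5_CONF)
    for host in ("app01.example.com", "db07.example.com", "web.new.example.com"):
        print(host, "->", host_to_realm(host, realms))
```

Because the exact host name is checked before any domain entry, only migrated hosts need their own line while the domain-wide entry covers the rest.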
