What is the definition of "realm" in MIT KDC? Is it just different domains?
By definition of "tenant" I am referring to a categorization above the "domains". For example a tenant could have multiple domains, and when a a user logs in there has to be an indicator of the "tenant" it belongs to besides its the domain. As the domain may not be sufficient to find the tenant the user belongs to. Is that something that is supported? Firouzeh ________________________________________ From: kerberos-boun...@mit.edu <kerberos-boun...@mit.edu> on behalf of Tim Mooney <tim.moo...@ndsu.edu> Sent: Friday, May 29, 2015 4:00 PM To: kerberos@mit.edu Subject: Re: Multi-tenancy in MIT KDC In regard to: Multi-tenancy in MIT KDC, Firouzeh Jalilian said (at 10:24pm...: > I would like to know if there is any support currently for multi-tenancy > in MIT KDC? What do you mean by multi-tenancy? Do you mean one krb5kdc process serving multiple distinct realms? If so, then yes, that's possible. We've served 11 different realms from one krb5kdc process. You have to run separate kadmind processes, each on a separate port, because those can't serve multiple realms. On your secondary kdcs, you also need to run a separate kpropd per realm, each on its own port. We've done it for years and it works, but if we were starting over, these days I'm not certain I would choose the same path. Depending on your realms, it might be better to use separate VMs or containers, depending on what you're comfortable with. Tim -- Tim Mooney tim.moo...@ndsu.edu Enterprise Computing & Infrastructure 701-231-1076 (Voice) Room 242-J6, Quentin Burdick Building 701-231-8541 (Fax) North Dakota State University, Fargo, ND 58105-5164 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://urldefense.proofpoint.com/v2/url?u=https-3A__mailman.mit.edu_mailman_listinfo_kerberos&d=BQICAg&c=Sqcl0Ez6M0X8aeM67LKIiDJAXVeAw-YihVMNtXt-uEs&r=0wthfOXikoIWE5NfoxCN7_R8HXNMORzBYVlqWqEvHTA&m=cFGgJrkPqfqEYmJsN7r0JuFhaVYzEPudc6FqJZTIsOY&s=v1DCbxUsVmfHZ-t2_DpLZ2F1nh1TJ-HN_bBPrlQ6Hks&e= ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos