Changing the KDC's hostname? - Kerberos

This is a discussion on Changing the KDC's hostname? - Kerberos ; Hi folks, I'd like to change the hostname of my kdc, but I'm worried that this will break kerberos. What steps should I take to ensure this doesn't happen? I'm running MIT kerberos version 1.6.2 under CentOS 5. I have ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Changing the KDC's hostname?

  1. Changing the KDC's hostname?

    Hi folks,

    I'd like to change the hostname of my kdc, but I'm worried that
    this will break
    kerberos. What steps should I take to ensure this doesn't happen?
    I'm running
    MIT kerberos version 1.6.2 under CentOS 5. I have a primary KDC and a
    backup
    KDC.

    Thanks in advance for any advice.


    Bryan

  2. Re: Changing the KDC's hostname?

    "bryan@virginia.edu" writes:

    > I'd like to change the hostname of my kdc, but I'm worried that
    > this will break kerberos. What steps should I take to ensure this
    > doesn't happen? I'm running MIT kerberos version 1.6.2 under CentOS 5.
    > I have a primary KDC and a backup KDC.


    As long as you update DNS SRV records and krb5.conf files accordingly,
    changing the hostname shouldn't be an issue. The Kerberos database itself
    doesn't care about the local hostname.

    --
    Russ Allbery (rra@stanford.edu)

  3. Re: Changing the KDC's hostname?

    >>>>> "RA" == Russ Allbery writes:

    RA> "bryan@virginia.edu" writes:
    >> I'd like to change the hostname of my kdc, but I'm worried that
    >> this will break kerberos. What steps should I take to ensure this
    >> doesn't happen? I'm running MIT kerberos version 1.6.2 under
    >> CentOS 5. I have a primary KDC and a backup KDC.


    RA> As long as you update DNS SRV records and krb5.conf files
    RA> accordingly, changing the hostname shouldn't be an issue. The
    RA> Kerberos database itself doesn't care about the local hostname.

    RA> -- Russ Allbery (rra@stanford.edu)

    One possible side issue is kprop -- when you change the hostname you'll
    have to authorize the new host principal to push the database to the
    slaves (kpropd.acl).

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread