Jerry Shipman <je...@cornell.edu> writes: > It’s me again, who was trying to kprop through a NAT a month ago.
> Hypothetically speaking… how bad of an idea would it be to make a cron > job that `scp`s the database file to the slave KDC, or something like > that? Does the slave KDC daemon need to restart after the file is > updated, maybe? Or is this significantly less safe than using kprop? I > think I would be relying on ssh instead of kerberos for the > confidentiality and integrity. But I do that whenever I log into the > machine anyway. I think I may risk getting the file in the middle of a > write (so some records could be corrupted in the copy). It seems like > this would be a bad idea; just checking. If you're going to use scp, I strongly recommend generating a dump with kdb5_util dump, scping that, and then loading it with kdb5_util load. That's effectively what kprop/kpropd do. Just copying the database file runs the risk of copying a corrupt database because you happened to catch it in the middle of a write, as you note. -- Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
