Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014
 
 

Number of Kerberos Realms

    The number of realms that your installation requires depends on several factors:

  • The number of clients to be supported. Too many clients in one realm makes administration more difficult and eventually requires that you split the realm. The primary factors that determine the number of clients that can be supported are as follows:

    • The amount of Kerberos traffic that each client generates

    • The bandwidth of the physical network

    • The speed of the hosts

    Because each installation will have different limitations, no rule exists for determining the maximum number of clients.

  • How far apart the clients are. Setting up several small realms might make sense if the clients are in different geographic regions.

  • The number of hosts that are available to be installed as KDCs. Plan to create at least two KDC servers per realm, one master server and at least one slave server.

Alignment of Kerberos realms with administrative domains is recommended. Note that a Kerberos V realm can span multiple subdomains of the DNS domain to which the realm corresponds.