Q: Ordering master/slave KDCs in CLIENT machines' krb5.conf
MattW
mbw at u.washington.edu
Tue Sep 9 13:41:25 EDT 2003
Hi all,

Please help me understand how I should order the
client's list of KDCs it can contact in the krb5.conf file.

I have:

[realms]
    YADDA.WASHINGTON.EDU = {
        kdc = kdc.yadda.washington.edu
        kdc = kdc1.yadda.washington.edu
        kdc = kdc2.yadda.washington.edu
        admin_server = kdc1.yadda.washington.edu
        default_domain = yadda.washington.edu
        krb524_server = kdc1.yadda.washington.edu
    }

NOTE: kdc.yadda.washington.edu points to the master, which is
kdc1.yadda.washington.edu.

But I have MANY clients which will need to be set up to use
Kerberos, and kdc1 and kdc2 are on different subnets.

Should I put the KDC that is the closest (fewest hops, or local)
first in the list? Or should I always put the master server first,
regardless of network proximity?

Am I nit-picking here? Does order matter in the kdc list?

I'm curious how failover is done if my router to the first
kerb server in the list goes down.

Thanks,
Matt