kerberos in load balanced environment: host name/dns issue

Pitrich, Karl karl.pitrich at
Tue Nov 30 05:43:53 EST 2004


we're using Apache mod_spnego with krb1.3.5 to fake M$ Integrated login
to Windows clients from a Linux server environment.
This works fine using single a single server.

Now we're testing multiple loadbalanced webservers.
To make such a setup work, we need to set each webserver's hostname to
the dns name of the load balancer, for the krb libs to use dns correctly
and gernerate the valid principal name.
This, of course, imposes at least administrative difficulties.

- how should this problem be addressed in a sane manner?

- would you, for example, accept a patch adding an environment variable
  or configuration option  that contains the required (faked, that is)
  hostname (of the loadbalancer), which is then taking precedence over
  gethostname(2) used in the krb libs?


 / karl

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the Kerberos mailing list