kerberos in load balanced environment: host name/dns issue

Pitrich, Karl karl.pitrich at fabasoft.com
Tue Nov 30 05:43:53 EST 2004


Hi,

we're using Apache mod_spnego with krb1.3.5 to fake M$ Integrated login
to Windows clients from a Linux server environment.
This works fine using a single server.

Now we're testing multiple loadbalanced webservers.
To make such a setup work, we need to set each webserver's hostname to
the dns name of the load balancer, for the krb libs to use dns correctly
and generate the valid principal name.
This, of course, imposes at least administrative difficulties.

- how should this problem be addressed in a sane manner?

- would you, for example, accept a patch adding an environment variable
  or configuration option that contains the required (faked, that is)
  hostname (of the loadbalancer), which then takes precedence over
  gethostname(2) used in the krb libs?


thanks,

 / karl

