Kerberos behind load balancer?
Jason T Hardy
jthardy at uta.edu
Tue Oct 5 23:15:49 EDT 2004
Sam,
Actually, a load balancer simplifies client deployment in our case (we
can't utilize DNS load balancing on our campus). We can, with a load
balancer, have all of the KDC's share one hostname. Our kadmin server
can also share that hostname.
kerberos:88 -> points to our KDC's
kerberos:749 -> point to our admin server
Further, we can bring systems up/down or add/remove new systems without
requiring modifications to the client configurations.
I've actually got this working, except that I needed to associate the
kerberos hostname with a non-arping loopback device, which required a
minor code hack.
On Tue, 2004-10-05 at 13:26, Sam Hartman wrote:
> Sticking your KDC behind a load balancer seems like a singularly bad
> idea. It's going to introduce a lot of complexity for no real
> benefit.
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Jason T Hardy
Unix Systems Administrator
Office of Information Technology
University of Texas at Arlington
More information about the Kerberos
mailing list