Kerberos behind load balancer?

Jason T Hardy jthardy at uta.edu
Tue Oct 5 23:15:49 EDT 2004


Sam,

Actually, a load balancer simplifies client deployment in our case (we
can't utilize DNS load balancing on our campus). We can, with a load
balancer, have all of the KDCs share one hostname. Our kadmin server
can also share that hostname.

 kerberos:88 -> points to our KDCs
 kerberos:749 -> points to our admin server

Further, we can bring systems up/down or add/remove new systems without
requiring modifications to the client configurations.

I've actually got this working, except that I needed to associate the
kerberos hostname with a non-arping loopback device, which required a
minor code hack.

On Tue, 2004-10-05 at 13:26, Sam Hartman wrote:
> Sticking your KDC behind a load balancer seems like a singularly bad
> idea.  It's going to introduce a lot of complexity for no real
> benefit.
-- 
Jason T Hardy
Unix Systems Administrator
Office of Information Technology
University of Texas at Arlington


