Kerberos behind load balancer?

Jason T Hardy jthardy at
Wed Oct 6 08:13:48 EDT 2004

On Tue, 2004-10-05 at 23:03, Ken Raeburn wrote:
> I think there are better solutions to that.  (1) Create a DNS name 
> which points to multiple addresses; typically the nameserver will 
> change the order randomly, which will effect some load balancing.  (2) 
> Use DNS SRV records to return the names of the various KDCs, with equal 
> priority.  Granted, these approaches aren't load-sensitive, but the DNS 
> SRV record approach will let you do some uneven load balancing by 
> adjusting the weights based on the capabilities of each server.  
> They'll also let you spread out your KDCs to a couple of locations, if 
> you don't want to risk a single point of failure.

This is precisely what I * can not * do for political reasons.

Jason T Hardy
Unix Systems Administrator
Office of Information Technology
University of Texas at Arlington

More information about the Kerberos mailing list