Kerberos behind load balancer?
Jason T Hardy
jthardy at uta.edu
Wed Oct 6 08:13:48 EDT 2004
On Tue, 2004-10-05 at 23:03, Ken Raeburn wrote:
> I think there are better solutions to that. (1) Create a DNS name
> which points to multiple addresses; typically the nameserver will
> change the order randomly, which will effect some load balancing. (2)
> Use DNS SRV records to return the names of the various KDCs, with equal
> priority. Granted, these approaches aren't load-sensitive, but the DNS
> SRV record approach will let you do some uneven load balancing by
> adjusting the weights based on the capabilities of each server.
> They'll also let you spread out your KDCs to a couple of locations, if
> you don't want to risk a single point of failure.
This is precisely what I *can not* do for political reasons.
--
Jason T Hardy
Unix Systems Administrator
Office of Information Technology
University of Texas at Arlington
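
The weighted DNS SRV approach described in the quoted message, as an added example that is not part of the original thread: equal-priority `_kerberos._udp` records with uneven weights, ordered the way RFC 2782 specifies for clients. The realm, host names and weights are constructed, and the lower-preference `kdc-dr` record is an assumption added to show priority fallback.

```python
import random
from collections import Counter

# Constructed zone data (hypothetical realm and hosts), in zone-file form:
# _service._proto.name  TTL  class SRV  priority weight port target
ZONE = """\
_kerberos._udp.EXAMPLE.EDU. 3600 IN SRV 0 60 88 kdc1.example.edu.
_kerberos._udp.EXAMPLE.EDU. 3600 IN SRV 0 30 88 kdc2.example.edu.
_kerberos._udp.EXAMPLE.EDU. 3600 IN SRV 0 10 88 kdc3.example.edu.
_kerberos._udp.EXAMPLE.EDU. 3600 IN SRV 10 0 88 kdc-dr.example.edu.
"""

def parse_srv(zone_text):
    """Return a list of (priority, weight, port, target) tuples."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[3] != "SRV":
            continue
        prio, weight, port = (int(f) for f in fields[4:7])
        records.append((prio, weight, port, fields[7].rstrip(".")))
    return records

def order_targets(records, rng):
    """Order SRV targets the way an RFC 2782 client tries them."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # Weight-0 records go first in the working list, per the RFC.
        group = sorted((r for r in records if r[0] == prio), key=lambda r: r[1] != 0)
        while group:
            pick = rng.randint(0, sum(r[1] for r in group))
            running = 0
            for i, rec in enumerate(group):
                running += rec[1]
                if running >= pick:
                    ordered.append(group.pop(i)[3])
                    break
    return ordered

def first_choice_share(records, trials=10000, seed=1):
    """Fraction of simulated clients that contact each KDC first."""
    rng = random.Random(seed)
    counts = Counter(order_targets(records, rng)[0] for _ in range(trials))
    return {host: n / trials for host, n in counts.items()}

if __name__ == "__main__":
    for host, share in sorted(first_choice_share(parse_srv(ZONE)).items()):
        print(f"{host}: {share:.1%}")
```

The first-contact shares track the weights (roughly 60/30/10 here), and the priority-10 host is only reached after every priority-0 KDC has been tried, which is the failover behaviour the quoted message alludes to.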