Kerberos behind load balancer?

[Kasundra, Digant]

> And let me echo the comments of others: we've run our Kerberos servers on
> the oldest, crappiest hardware we've had kicking around the dustbin (we
> upgrade it occasionally, but it's always to the latest "crappiest" system
> we've got laying around).  I seriously doubt you're going to need a load
> balancer.  And if you don't need it, I can't see it causing you anything
> but trouble in the long run.

If we could modify DNS to do DNS round-robin, we too would be okay.  But we can't.

So, given the problem space where DNS round robin is not an option, a load balancer is necessary.  If DNS round robin is the only way to make this work, I'm sensing a limitation that might need to be addressed.  Multimaster would be nice, too.  True, its easy to bring up a new master with the same IP, but I don't plan to work 24 hours a day, 7 days a week.  Some standard abilities such as multi-master support and the ability to sit nicely behind a load-balancer would be quite helpful.  I'm sure our campus can't be the only one that would be interested in these sort of developments in the MIT Kerb product.

Just my two cents.

-- DK