Kerberos behind load balancer?

Kasundra, Digant digant at
Wed Oct 6 13:42:07 EDT 2004

I should have added, using anycast might be doable, depending on what kind of network environment it would need.  I'm not familiar with what kind of layout you would want to make this work.  And of course, the same "politics" might not let us do this either....

-----Original Message-----
From: kerberos-bounces at on behalf of Tillman Hodgson
Sent: Wed 10/6/2004 12:15 PM
To: kerberos at
Subject: Re: Kerberos behind load balancer?
On Wed, Oct 06, 2004 at 12:07:23PM -0500, Kasundra, Digant wrote:
> I agree that the load is not an issue.  But with out DNS round-robin,
> and without the load-balancer, we'd have to arbitrarily point our
> systems and services at one of the slaves.  If that slave goes down,
> we'd have to scramble to see who all was pointing to it and change
> them to point to the other place.  

Anycast. Kerberos auth is UDP, after all.

More information about the Kerberos mailing list