Kerberos behind load balancer?

Sam Hartman hartmans at MIT.EDU
Wed Oct 6 13:52:50 EDT 2004

>>>>> "Jason" == Jason T Hardy <jthardy at> writes:

    Jason> Sam, Actually, a load balancer simplifies client deployment
    Jason> in our case (we can't utilize DNS load balancing on our
    Jason> campus). We can, with a load balancer, have all of the
    Jason> KDC's share one hostname. Our kadmin server can also share
    Jason> that hostname.

I think what I'm questioning here is the need for load balancing of
the KDC.  I agree that if you need to load balance a KDC, using a load
balancer is one way to do it.  If you don't actually need to load
balance access to your KDCs, you'll find you get a much simpler
deployment without the load balancer.


More information about the Kerberos mailing list