KDC Failover

Nick Bernstein nbernstein at frontbridge.com
Wed Apr 6 15:10:49 EDT 2005


I've been reading through the kerberos o'reilly book, and it seems like the
only way to do kdc failover is to run a "high availablity" kdc -- i.e. make
it look like the kdc never fails, even if it does; either by having the kdc
that the clients are talking to be a virtual ip which is taken over by a
second if either of the kerberos ports goes down, or similarly, if the kdc
fails, then there is a dns change, or something like that, but it seems hard
to imagine that I can't just specify a second kdc to failover to... is there
a way to specify this in the krb5.conf or another file? The man page for the
krb5.conf doesn't seem to show any examples of how to add a secondary kdc or
kadmin server for failover. 
 
Any replies are greatly appreciated,
Nick



FrontBridge introduces Message Archive and Secure Email. Get leading Enterprise Message Security services from FrontBridge. www.frontbridge.com.




More information about the Kerberos mailing list