KDC Failover

Russ Allbery rra at stanford.edu
Wed Apr 6 15:27:48 EDT 2005


"Nick Bernstein" <nbernstein at frontbridge.com> writes:

> I've been reading through the kerberos o'reilly book, and it seems like
> the only way to do kdc failover is to run a "high availability" kdc --
> i.e. make it look like the kdc never fails, even if it does; either by
> having the kdc that the clients are talking to be a virtual ip which is
> taken over by a second if either of the kerberos ports goes down, or
> similarly, if the kdc fails, then there is a dns change, or something
> like that, but it seems hard to imagine that I can't just specify a
> second kdc to failover to... is there a way to specify this in the
> krb5.conf or another file?

Er, yeah, just add a second KDC to fail over to.

> The man page for the krb5.conf doesn't seem to show any examples of how
> to add a secondary kdc or kadmin server for failover.

You don't want to list more than one kadmin server, as MIT Kerberos (at
least) doesn't support multi-master.  However, you can list lots of KDCs
just by, well, listing lots of KDCs:

[realms]
    stanford.edu = {
        kdc            = kerberos1.stanford.edu:88
        kdc            = kerberos2.stanford.edu:88
        kdc            = kerberos3.stanford.edu:88
        admin_server   = krb5-admin.stanford.edu
    }

for instance.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>
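The reply above makes two points that are easy to get wrong when editing krb5.conf by hand: repeated `kdc` lines under one realm accumulate into an ordered failover list, while only one `admin_server` should be listed because MIT Kerberos has a single master KDC. The following is an added example, not code from the original thread or from MIT Kerberos: a small Python parser for the `[realms]` section that collects the KDC list per realm, normalises the optional `:port` suffix (assuming the standard default of 88), and flags realms with a single KDC or more than one admin_server. The sample configuration embedded in it is constructed, modelled on the snippet in the reply, with a second hypothetical realm added to exercise the checks.

```python
"""Lint the [realms] section of a krb5.conf for KDC failover configuration.

Added example; not part of the original mailing-list post and not MIT
Kerberos code. It only understands the subset of krb5.conf syntax used in
the reply above (section headers, realm = { ... } blocks, key = value).
"""

import re
from dataclasses import dataclass, field

# Constructed sample: the stanford.edu block from the reply plus a
# hypothetical EXAMPLE.COM realm that violates both recommendations.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = stanford.edu

[realms]
    stanford.edu = {
        kdc            = kerberos1.stanford.edu:88
        kdc            = kerberos2.stanford.edu:88
        kdc            = kerberos3.stanford.edu:88
        admin_server   = krb5-admin.stanford.edu
    }
    EXAMPLE.COM = {
        kdc = kdc-a.example.com
        admin_server = kadmin-a.example.com
        admin_server = kadmin-b.example.com
    }
"""

DEFAULT_KDC_PORT = 88  # assumption: the standard Kerberos port


@dataclass
class Realm:
    kdcs: list = field(default_factory=list)           # in listed (tried) order
    admin_servers: list = field(default_factory=list)


def parse_realms(text):
    """Return {realm_name: Realm}, accumulating repeated kdc/admin_server keys."""
    realms = {}
    section = None
    current = None  # realm whose { ... } block we are inside, if any
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, current = header.group(1), None
            continue
        if section != "realms":
            continue
        if current is None:
            opener = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if opener:
                current = opener.group(1)
                realms.setdefault(current, Realm())
            continue
        if line == "}":
            current = None
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "kdc":
            realms[current].kdcs.append(value)
        elif key == "admin_server":
            realms[current].admin_servers.append(value)
    return realms


def kdc_endpoints(realm):
    """Split 'host[:port]' entries into (host, port) tuples, defaulting the port."""
    endpoints = []
    for entry in realm.kdcs:
        host, sep, port = entry.rpartition(":")
        if sep and port.isdigit():
            endpoints.append((host, int(port)))
        else:
            endpoints.append((entry, DEFAULT_KDC_PORT))
    return endpoints


def lint(realms):
    """Return (realm, message) findings for realms without usable failover."""
    findings = []
    for name, realm in realms.items():
        if len(realm.kdcs) < 2:
            findings.append((name, "only one kdc listed; clients have nothing to fail over to"))
        if len(realm.admin_servers) > 1:
            findings.append((name, "more than one admin_server; MIT Kerberos has a single master"))
    return findings


if __name__ == "__main__":
    parsed = parse_realms(SAMPLE_KRB5_CONF)
    for name, realm in parsed.items():
        print(name, kdc_endpoints(realm), realm.admin_servers)
    for name, msg in lint(parsed):
        print(f"{name}: {msg}")
```

Running it against a real `/etc/krb5.conf` is a matter of reading the file into `parse_realms`; the order of the returned `kdcs` list is the order in which the entries appear, which is the order clients try them in.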
