Debugging connections through load balancers.
Henry B. Hotz
hotz at jpl.nasa.gov
Mon Jul 24 18:53:27 EDT 2006
I've got a kerberized service that worked fine before I started
trying to use it through a load balancer. (I'm saying that for
background, not because I didn't think it should matter.)

So the current situation is that I've changed /etc/hosts and
/etc/nodename to contain the FQDN of the balancer. The server *thinks*
its name is the balancer's name. A connection to the balancer does
get to the real server. The server's keytab has entries for both its
real name and the balancer's name. Doesn't work. (Interestingly a
direct connection that bypasses the balancer still works; I wouldn't
have expected that.)

So how do I go about debugging something like this?

My next step would be to snoop the connection and feed it to
ethereal, probably with lots of keys available so it can decode
everything. Is there anything better to try? Is there any way to
get the kerberos libs to say what (if anything) they are trying to
get out of the keytab?

If it matters, the service is Sun LDAP 5.2 on Solaris 9.
----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu