Wrong principal in request using virt interface
Christopher D. Clausen
cclausen at acm.org
Mon Jan 29 17:47:25 EST 2007
petesea at bigfoot.com wrote:
> On Mon, 29 Jan 2007, Christopher D. Clausen wrote:
>> Can you simply fail-over using the same IP on both interfaces? (I
>> believe there is a bonding module in Linux that can do this.)
>
> The point of the virt interface is so it can be moved to a different
> host. If the virt interface has the same IP as the real interface,
> then it couldn't be moved to another host. In other words, the
> "fail-over" is to fail over to a completely separate host, not a
> separate interface on the same host.
Uhh, can I ask why you are doing this? Kerberos already has a master/slave architecture. There is no need to "cluster" Kerberos servers in the manner you describe. Just setup multiple slave servers.
I thought you wanted more reliable KDCs by having redundant network interfaces.
<<CDC
More information about the Kerberos
mailing list