KDC HA Failure with krb5-1.9.1 and pam-krb5 4.4
Russ Allbery
rra at stanford.edu
Fri Nov 18 16:13:15 EST 2011
Tom Parker <tparker at cbnco.com> writes:
> Good Afternoon.
> I have two KDCs and my DNS servers are pointing to both of them with
> equal weight. Both KDCs are running 1.9.1.
> _kerberos._udp IN SRV 10 0 88 <server 1>
> _kerberos._udp IN SRV 10 0 88 <server 2>
> We are using Russ's pam-krb5 module version 4.4 compiled against krb
> 1.8.3.
> The problem I have is that if I update my client from 1.8.3 to 1.9.1 my
> High Availability breaks. A 1.9.1 client will not successfully
> authenticate if one of my KDCs is down. My 1.8.3 clients work fine.
Just to double-check, you don't set dns_lookup_kdc to false in your
krb5.conf file, do you?
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>