remctl endpoints

Ken Dreyer ktdreyer at ktdreyer.com
Thu Aug 9 17:15:10 EDT 2012


In the course of setting up remctl for our AFS infrastructure, I was
wondering how other sites expose remctld servers to their users. Do
you have a hostname that's dedicated to this service, such as
remctl.example.edu?

In our environment we're going to run remctld on our AFS VLDB servers
and our Kerberos KDCs. I was brainstorming about how useful and
feasible it would be to have remctl look up SRV records for a domain,
and then contact those hosts, like Kerberos or AFS does. One of the
problems I foresee is that sometimes you want a task to run on an AFS
VLDB server, and sometimes you want it to run on a Kerberos KDC. If
your cell name matches your realm name, having a generic
"_remctl._tcp.cell.example.com" SRV entry would not allow you to
distinguish between server types.

Does anyone else have ideas for remctl routing and high availability?
I guess each remctl application could do a SRV lookup on
_kerberos._udp, or _afs3-vlserver._udp, and then contact those servers
individually.

- Ken
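
An added example, not part of the original post or of remctl itself: the per-service SRV lookup described above, written as a shell wrapper around `dig +short SRV` and the `remctl host command ...` client. The function names `srv_order` and `remctl_via_srv` and the example.com hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick remctl targets from the SRV records of the service
# the task belongs to (e.g. _kerberos._udp or _afs3-vlserver._udp), so KDC
# tasks and VLDB tasks are routed separately even when cell == realm.

# Read `dig +short SRV` lines ("priority weight port target.") on stdin and
# print target hostnames, lowest priority first, then highest weight first.
# RFC 2782 specifies a weighted random choice within one priority; sorting
# by weight is a deterministic simplification (assumption of this example).
# The port field is dropped: it is the Kerberos or AFS port, not remctld's.
srv_order() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
             sub(/\.$/, "", $4)      # strip the trailing root dot
             print $1, $2, $4
         }' |
        sort -k1,1n -k2,2nr |
        awk '{ print $3 }'
}

# Usage: remctl_via_srv <srv-name> <command> [subcommand] [args...]
# e.g.   remctl_via_srv _kerberos._udp.example.com <command> <subcommand>
# Tries each host in SRV order and stops at the first remctl call that
# succeeds; returns non-zero if every host fails or no records exist.
remctl_via_srv() {
    srv_name=$1
    shift
    for host in $(dig +short SRV "$srv_name" | srv_order); do
        remctl "$host" "$@" && return 0
    done
    return 1
}
```

The hostnames come from DNS, so the target list is only as trustworthy as the resolver path; remctl's Kerberos authentication of whichever host is chosen still applies.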

