Multiple KDCs with OpenLDAP

Jan-Piet Mens jpmens.dns at gmail.com
Thu May 24 08:54:00 EDT 2012


> Do I need to use the kprop tool if I want to run more than one KDC for
> the same realm or can both KDCs just access the same database inside
> the DIT of OpenLDAP at the same time?

Don't use kprop. The advantage of storing the KDC database in LDAP is
that you make use of OpenLDAP's replication to carry the data over to
your slave servers.

> The idea is to run two KDCs that each connect to one of the OpenLDAP
> masters and are using the same database without the need of kprop.

Sounds fine to me, although I'm not too sure I would use the
multi-master stuff, as it may screw up somewhere ... I'd set up a master
to which all KDCs write and a number of slaves synced with syncrepl.

        -JP
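As an added illustration of the single-writer layout JP recommends (not a config from the thread or from any project), here is a slapd.conf syncrepl consumer stanza for a replica that holds a read-only copy of the Kerberos container, next to the kdc.conf entry for the KDC on that host; every DN, host name, password and path is a placeholder.

```conf
# --- slapd.conf on a replica (consumer). All KDC/kadmin writes go to the
#     provider; dc=example,dc=com, kdc-master.example.com and the bind
#     credentials below are placeholders.
database        mdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap
rootdn          "cn=admin,dc=example,dc=com"

syncrepl rid=001
        provider=ldap://kdc-master.example.com
        type=refreshAndPersist
        searchbase="cn=krbContainer,dc=example,dc=com"
        retry="60 +"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=REPLACE_ME
# Any write that lands on this consumer is referred back to the provider
updateref       ldap://kdc-master.example.com

# --- kdc.conf on the same replica host. The KDC reads from its local
#     consumer over ldapi and is told not to write the last-success and
#     lockout attributes, which would otherwise require a writable
#     directory. Note: with disable_lockout the replica neither records
#     failed attempts nor applies the lockout policy; only the KDC that
#     talks to the provider does.
[realms]
    EXAMPLE.COM = {
        database_module = openldap_replica
    }

[dbmodules]
    openldap_replica = {
        db_library = kldap
        ldap_kerberos_container_dn = cn=krbContainer,dc=example,dc=com
        ldap_kdc_dn = cn=kdc-service,dc=example,dc=com
        ldap_kadmind_dn = cn=kadmin-service,dc=example,dc=com
        ldap_service_password_file = /etc/krb5kdc/service.keyfile
        ldap_servers = ldapi:///
        disable_last_success = true
        disable_lockout = true
    }
```

Run kadmind (and point kadmin/kpasswd clients) only at the master so that principal changes never race the replication stream.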


More information about the Kerberos mailing list