Replicated LDAP as backend
Brandon Allbery
ballbery at sinenomine.net
Fri Jul 25 09:40:31 EDT 2014
On Fri, 2014-07-25 at 11:00 +0100, Dameon Wagner wrote:
> Using an LDAP backend with multi-master replication _could_
> potentially allow for having more than one active krb5-admin-server in
> your realm, but I don't know if this is a supported configuration in
> MIT (IIRC Heimdal may allow this, but I'm not sure if OpenLDAP's
> multi-master replication is mature enough to recommend or rely on it
> for something as core as Kerberos).
Multi-master replication works fine, and is arguably the only sensible
reason to use the LDAP backend in the first place --- it's slower and
more painful to manage compared to the standard backend.
--
--
brandon s allbery kf8nh sine nomine
associates
allbery.b at gmail.com
ballbery at sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad
http://sinenomine.net
More information about the Kerberos
mailing list