Master-master deployment?

Benjamin Kaduk kaduk at mit.edu
Sat Feb 2 13:48:29 EST 2019


LDAP is the only builtin KDC backend that supports multi-master KDCs at
all.  (I don't know whether there are any public out-of-tree backends that
do so.)

So, while you could use the LDAP backend with a single LDAP master and
multiple KDC masters, that master LDAP server would be a SPOF.

-Ben

On Sat, Feb 02, 2019 at 01:45:44PM -0500, Yegui Cai wrote:
> Would it be possible to not leverage ldap for multiple-master deployment?
> 
> On Sat, Feb 2, 2019 at 1:14 PM Benjamin Kaduk <kaduk at mit.edu> wrote:
> 
> > Most of the instances I've heard about that use multi-master KDCs also use
> > multi-master LDAP replication, to avoid the SPOF.
> >
> > -Ben
> >
> > On Sat, Feb 02, 2019 at 11:12:33AM -0500, Yegui Cai wrote:
> > > Hi Thor.
> > > So you have a shared ldap? If so, could that ldap be a single point of
> > > failure?
> > >
> > > Thanks,
> > > Yegui
> > >
> > > On Sat, Feb 2, 2019 at 11:10 AM t Seeger <tseegerkrb at gmail.com> wrote:
> > >
> > > > Hey Yegui,
> > > >
> > > > > I use a multi-master setup. For the sync I use OpenLDAP.
> > > >
> > > > Greeting Thor
> > > >
> > > > On 2. Feb 2019, at 15:38, Yegui Cai <caiyegui at gmail.com> wrote:
> > > >
> > > > Hi all.
> > > > > I know the official document recommends master-slave deployment for
> > > > > production environment.
> > > > > I wonder if anyone has tried to do a master-master deployment? If yes,
> > > > > how could you sync between two masters?
> > > > Thanks,
> > > > Yegui
> > > >
> > > > ________________________________________________
> > > > Kerberos mailing list           Kerberos at mit.edu
> > > > https://mailman.mit.edu/mailman/listinfo/kerberos
> > > >
> > > >
> >