Service Ticket Validation
Brian
brianslist at apple.com
Tue Aug 5 20:11:45 EDT 2003
I have the following envoirnments , a kerberos client , two app
servers behind a VIP load balancer . All data is first added to the
first KDC and replicated to the second . A service ticket will have the
VIP name in the service principle , So when the App servers verify the
ticket
it fails because the lookup does'nt match the service principle. I took
a look at the krb5_os_localaddr routine is there any way that If could
use multiple App servers behind a VIP where the spn will carry the VIP
dns name ?
brian
More information about the krbdev
mailing list