[36302] in Kerberos
Re: Replicated LDAP as backend
daemon@ATHENA.MIT.EDU (Brandon Allbery)
Fri Jul 25 09:40:52 2014
From: Brandon Allbery <ballbery@sinenomine.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 25 Jul 2014 13:40:31 +0000
Message-ID: <1406295631.32174.1.camel@vikktakkht.kf8nh.com>
In-Reply-To: <20140725100005.GR5127@maia.oucs.ox.ac.uk>
Content-Language: en-US
Content-ID: <90F963351878834F8E7D610B43CEB0FC@mex05.mlsrvr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, 2014-07-25 at 11:00 +0100, Dameon Wagner wrote:
> Using an LDAP backend with multi-master replication _could_
> potentially allow for having more than one active krb5-admin-server in
> your realm, but I don't know if this is a supported configuration in
> MIT (IIRC Heimdal may allow this, but I'm not sure if OpenLDAP's
> multi-master replication is mature enough to recommend or rely on it
> for something as core as Kerberos).
Multi-master replication works fine, and is arguably the only sensible
reason to use the LDAP backend in the first place --- it's slower and
more painful to manage compared to the standard backend.
--
--
brandon s allbery kf8nh sine nomine
associates
allbery.b@gmail.com
ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad
http://sinenomine.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
