[38476] in Kerberos


Re: Master-master deployment?

daemon@ATHENA.MIT.EDU (t Seeger)
Sat Feb 2 13:55:55 2019

From: t Seeger <tseegerkrb@gmail.com>
In-Reply-To: <20190202184828.GM93251@kduck.mit.edu>
Date: Sat, 2 Feb 2019 19:55:45 +0100
Message-Id: <F0FA3A3F-F778-47BF-B503-8911A7FD7EDE@gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: kerberos@mit.edu

Hey,

My deployment is a multi-master LDAP / Kerberos setup... I made a "script" to install it on Debian/Ubuntu. You can have it if you want... it is for testing.


Thor


> On 2. Feb 2019, at 19:48, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> LDAP is the only builtin KDC backend that supports multi-master KDCs at
> all.  (I don't know whether there are any public out-of-tree backends that
> do so.)
> 
> So, while you could use the LDAP backend with a single LDAP master and
> multiple KDC masters, that master LDAP server would be a SPOF.
> 
> -Ben
> 
>> On Sat, Feb 02, 2019 at 01:45:44PM -0500, Yegui Cai wrote:
>> Would it be possible to not leverage ldap for multiple-master deployment?
>> 
>>> On Sat, Feb 2, 2019 at 1:14 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>>> 
>>> Most of the instances I've heard about that use multi-master KDCs also use
>>> multi-master LDAP replication, to avoid the SPOF.
>>> 
>>> -Ben
>>> 
>>>> On Sat, Feb 02, 2019 at 11:12:33AM -0500, Yegui Cai wrote:
>>>> Hi Thor.
>>>> So you have a shared ldap? If so, could that ldap be a single point of
>>>> failure?
>>>> 
>>>> Thanks,
>>>> Yegui
>>>> 
>>>>> On Sat, Feb 2, 2019 at 11:10 AM t Seeger <tseegerkrb@gmail.com> wrote:
>>>>> 
>>>>> Hey Yegui,
>>>>> 
>>>>> I use a multi-master setup. For the sync I use OpenLDAP.
>>>>> 
>>>>> Greeting Thor
>>>>> 
>>>>> On 2. Feb 2019, at 15:38, Yegui Cai <caiyegui@gmail.com> wrote:
>>>>> 
>>>>> Hi all.
>>>>> I know the official document recommends master-slave deployment for
>>>>> production environment.
>>>>> Wonder if anyone tried to do a master-master deployment? If yes, how could
>>>>> you sync between two masters?
>>>>> Thanks,
>>>>> Yegui
>>>>> 
>>>>> ________________________________________________
>>>>> Kerberos mailing list           Kerberos@mit.edu
>>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>>> 
>>>>> 
>>> 


