[38480] in Kerberos
Re: Master-master deployment?
daemon@ATHENA.MIT.EDU (Yegui Cai)
Wed Feb 6 07:56:52 2019
MIME-Version: 1.0
In-Reply-To: <667C6F6F-667A-4832-9712-3269EFE07B0C@gmail.com>
From: Yegui Cai <caiyegui@gmail.com>
Date: Wed, 6 Feb 2019 07:56:27 -0500
Message-ID: <CAJYMFR7EnWEfiR_nDxO-oECtkjzq2hSC0mfE+x0FRaxTjb4agA@mail.gmail.com>
To: t Seeger <tseegerkrb@gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Awesome, thanks!
On Wed, Feb 6, 2019 at 2:32 AM t Seeger <tseegerkrb@gmail.com> wrote:
> Hey Yegui,
>
> You can find the script here https://wp.tntnet.eu/?p=112
> There is a very short instruction too. Keep in mind that I m not a ldap or
> Kerberos expert. ^^
>
> Thor
>
> On 6. Feb 2019, at 03:37, Yegui Cai <caiyegui@gmail.com> wrote:
>
> Hi Thor
> Sure. Can I have a copy of it. I am still pretty new to Kerberos. Your
> script is definitely helpful.
> Thanks a lot!
> Yegui
>
> On Sat, Feb 2, 2019 at 1:55 PM t Seeger <tseegerkrb@gmail.com> wrote:
>
>> Hey,
>>
>> my deployment is a multimaster ldap / Kerberos Setup... i made a „Script“
>> to install it on Debian/ubuntu. You can have it if you want... it is for
>> testing.
>>
>>
>> Thor
>>
>> Sent from my iPhone
>>
>> > On 2. Feb 2019, at 19:48, Benjamin Kaduk <kaduk@mit.edu> wrote:
>> >
>> > LDAP is the only builtin KDC backend that supports multi-master KDCs at
>> > all. (I don't know whether there are any public out-of-tree backends
>> that
>> > do so.)
>> >
>> > So, while you could use the LDAP backend with a single LDAP master and
>> > multiple KDC masters, that master LDAP server would be a SPOF.
>> >
>> > -Ben
>> >
>> >> On Sat, Feb 02, 2019 at 01:45:44PM -0500, Yegui Cai wrote:
>> >> Would it be possible to not leverage ldap for multiple-master
>> deployment?
>> >>
>> >>> On Sat, Feb 2, 2019 at 1:14 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>> >>>
>> >>> Most of the instances I've heard about that use multi-master KDCs
>> also use
>> >>> multi-master LDAP replication, to avoid the SPOF.
>> >>>
>> >>> -Ben
>> >>>
>> >>>> On Sat, Feb 02, 2019 at 11:12:33AM -0500, Yegui Cai wrote:
>> >>>> Hi Thor.
>> >>>> So you have a shared ldap? If so, could that ldap be a single point
>> of
>> >>>> failure?
>> >>>>
>> >>>> Thanks,
>> >>>> Yegui
>> >>>>
>> >>>>> On Sat, Feb 2, 2019 at 11:10 AM t Seeger <tseegerkrb@gmail.com>
>> wrote:
>> >>>>>
>> >>>>> Hey Yegui,
>> >>>>>
>> >>>>> I use a mutli master setup. For the sync I use openldap.
>> >>>>>
>> >>>>> Greeting Thor
>> >>>>>
>> >>>>> On 2. Feb 2019, at 15:38, Yegui Cai <caiyegui@gmail.com> wrote:
>> >>>>>
>> >>>>> Hi all.
>> >>>>> I know the official document recommend master-slave deployment for
>> >>>>> production environment.
>> >>>>> Wonder if any try to do a master-master deployment? If yes, how
>> could
>> >>> you
>> >>>>> sync between two masters?
>> >>>>> Thanks,
>> >>>>> Yegui
>> >>>>>
>> >>>>> ________________________________________________
>> >>>>> Kerberos mailing list Kerberos@mit.edu
>> >>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>> >>>>>
>> >>>>>
>> >>>> ________________________________________________
>> >>>> Kerberos mailing list Kerberos@mit.edu
>> >>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>> >>>
>>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
