
Kerberos master/master sync using OpenLDAP N-Way Multi-Master

daemon@ATHENA.MIT.EDU (Mathew Rowley)
Wed Mar 11 19:15:21 2009

Date: Wed, 11 Mar 2009 17:13:33 -0600
From: Mathew Rowley <mathew_rowley@cable.comcast.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Message-ID: <C5DDA1BD.93B1%mathew_rowley@cable.comcast.com>
Mime-version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

I haven't seen this idea posted anywhere.  The new version of OpenLDAP (I'm
using 2.4.15) has the ability to run in a multi-master mode.  I was able to
set up two servers that each ran a Kerberos instance as well as an OpenLDAP
instance that had ldap and kerberos failover.  I now don't need to worry
about doing any sync with Kerberos, as LDAP does it all. I can also run
kadmin against either of the kerberos servers. Some tests I did that were
pretty successful were:

Realm setup:
  kdc = kdc01.security.lab.comcast.net:88
  kdc = kdc02.security.lab.comcast.net:88

Turn off kdc on kdc01 -> successfully authenticated with kdc02
Turn on kdc but turn off ldap on kdc01 -> successfully authenticated with
kdc02

The failover works exactly as I expected.

-- 
MAT
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
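The OpenLDAP side that the post leaves implicit, as an added illustration rather than the poster's own configuration: a cn=config LDIF for OpenLDAP 2.4 N-way multi-master replication of the database that holds the Kerberos container. The two hostnames are the KDCs from the post; the suffix dc=example,dc=com, the olcDatabase={1}hdb name, the replicator bind DN and the password placeholder are assumptions.

```ldif
# Added example, not the poster's own config: OpenLDAP 2.4 cn=config changes
# for N-way multi-master replication of the database holding the Kerberos
# container. Apply the same file with ldapmodify on both kdc01 and kdc02;
# each server selects its own olcServerID by matching its listener URL.
# Assumed: suffix dc=example,dc=com, database olcDatabase={1}hdb, a
# dedicated replicator bind DN, and a placeholder password.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldap://kdc01.security.lab.comcast.net
olcServerID: 2 ldap://kdc02.security.lab.comcast.net

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: entryCSN,entryUUID eq
-
add: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://kdc01.security.lab.comcast.net
  searchbase="dc=example,dc=com" bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com" credentials=REPLACE_ME
  type=refreshAndPersist retry="5 5 300 +" timeout=1
  starttls=critical tls_reqcert=demand
olcSyncrepl: rid=002 provider=ldap://kdc02.security.lab.comcast.net
  searchbase="dc=example,dc=com" bindmethod=simple
  binddn="cn=replicator,dc=example,dc=com" credentials=REPLACE_ME
  type=refreshAndPersist retry="5 5 300 +" timeout=1
  starttls=critical tls_reqcert=demand
-
add: olcMirrorMode
olcMirrorMode: TRUE
```

Principal keys travel over this replication link, hence starttls=critical with certificate checking. Concurrent writes to the same entry on both masters resolve by entryCSN (last writer wins), so running kadmin against either KDC, as the post does, still relies on both hosts keeping their clocks in sync.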
