[32005] in Kerberos
Re: multiple kdc masters with resilient LDAP backend
daemon@ATHENA.MIT.EDU (rhod davies)
Tue Feb 2 09:23:21 2010
In-Reply-To: <000774FA-B62D-4C7A-AC7A-128556CE69F1@mit.edu>
Date: Tue, 2 Feb 2010 14:23:00 +0000
Message-ID: <f8b49e0c1002020623t41d6994ajf0ed6a293c6b5afa@mail.gmail.com>
From: rhod davies <nomrhod@googlemail.com>
To: Ken Raeburn <raeburn@mit.edu>
Cc: kerberos@mit.edu
On Tuesday, February 2, 2010, Ken Raeburn <raeburn@mit.edu> wrote:
> You can also run multiple KDCs with replicated data without LDAP; the data just needs to be replicated from one master KDC to the others, and MIT ships code to do that, all at once or incrementally. If the master KDC should go offline, the others should have the necessary data for one to be (manually) promoted to be the new master. It is still a one-master-at-a-time setup, though.
>
> Just making sure you don't think LDAP is the only way to run multiple KDCs for a realm....
Yes, I get that, thanks.
It's that we have a new clean slate to begin with, and want to be as
resilient as possible from the start. The benefit of having a
multi-master (LDAP backed) configuration would be no need to promote a
slave to replace a failing master, and also letting LDAP take the
replication load. Just want to be sure that nothing's going to bite
us.
Cheers
--
Rhod