Quoting Oliver Loch <[email protected]>:

> The idea behind the multi (two) master setup is to have a failover
> solution for everything, so that one slapd or one kdc can go down.

It sounds like a good idea, but IMO it may be more trouble than it's worth. In particular, I assume that your LDAP clients will be able to figure out which slapd server to write to when one goes down and another takes over as provider, but what about the Kerberos clients? Kerberos still works with a single master KDC, with in most cases the clients using DNS to locate it. But, how are you going to get those Kerberos DNS records to change automatically and point to the new KDC master as soon as another slapd server takes over as provider?

Cheers,
Jaap

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
