Jan-Piet Mens <[email protected]> writes:

> What I haven't yet tested is whether using DNS records with different
> weights would work, respectively how long a client will wait attempting
> to reach each of the KDCs until it succeeds.

Our experience is "not long." There can be a noticeable delay when we take down our primary KDC if you're looking for it, but it's well within the sort of variation that users tend not to notice. We list one of our KDCs as primary in all of our configuration and give it a preferred priority in DNS, and yet we get substantial traffic to the second KDC just because the primary KDC, while up and responding, is occasionally slightly slow (by which I mean delays on the order of a second, not more).

--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
