|
On Wed, 1 Mar 2006, Ryan Leathers wrote:
If you are asking if it is possible to have a system be kerberized and
also tackle some lvs chores, then yes, you can do that. Its a bit like
asking if one can comb their hair and eat an ice-cream. The two don't
have much to do with one another, but there is certainly nothing
preventing it.
Someone setup kerberos under LVS a while ago. From what I
remember they were doing all their kerberos inside an ssh
tunnel so only port 22 was involved in the LVS part of it. I
had wondered how they managed to LVS all the ports involved,
since (I think) some of them are callbacks from clients the
realserver, which LVS won't know about, but it seems they
didn't tackle this problem.
Now if you are asking if lvs can be used for your kerberos
servers, the answer is still yes, but it doesn't make
sense to do so. You can only have one kerberos server
active at any one time for a realm. You would never
balance the load, so you may as well just let them fail
over normally without trying to tie lvs into the mix.
(I've never used kerberos). If say my workplace was
kerberosized and I log'ed into various machines, are the
machines I'm logging into all calling the same single
kerberos server for tickets and then contacting my machine
in a connection that requires about 4 ports?
Thanks
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
|
