Once again, this is not a good idea. Don't do it.
The Kerberos replication system only permits one active admin server, so
there is no opportunity for load balancing of the admin function. You
shouldn't try to fool it by using LVS. You'll likely screw up the
replication.
What you should do instead is to list multiple KDCs in your krb5.conf
file. Take a look at that and notice the section under [realms]. All
you need to do is list multiple KDCs like so:

    [realms]
        EXAMPLE.COM = {
            default_domain = example.com
            admin_server = krbadmin
            kdc = kdcserver1
            kdc = kdcserver2
            kdc = kdcserver3
        }

So, there you have it. By specifying multiple KDC servers you will be
getting the behavior you really want: in case you lose a server for a
little while, things will just keep on chuggin' in your network. Don't
get me wrong - LVS is a great tool, but it's not the answer to every
problem of service redundancy.
peace,
Ryan
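
An added example, not part of Ryan's message or of any Kerberos tooling: a small Python audit that parses the [realms] section of a krb5.conf and reports realms that lack the redundancy described above (several kdc lines, one admin_server). The LAB.EXAMPLE.COM realm, the [libdefaults] lines and the function names are assumptions made for illustration.

```python
# Constructed sample: the [realms] stanza from the message above, plus a
# hypothetical LAB.EXAMPLE.COM realm that lists one KDC and no admin_server.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        default_domain = example.com
        admin_server = krbadmin
        kdc = kdcserver1
        kdc = kdcserver2
        kdc = kdcserver3
    }
    LAB.EXAMPLE.COM = {
        kdc = labkdc1
    }
"""

def parse_realms(text):
    """Return {realm: {key: [values]}} for the [realms] section only."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("["):             # new top-level section
            section, current = line.strip("[]"), None
        elif section != "realms":            # ignore other sections
            continue
        elif line == "}":                    # end of a realm stanza
            current = None
        elif line.endswith("{"):             # "REALM = {" opens a stanza
            current = realms.setdefault(line.split("=")[0].strip(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).append(value)
    return realms

def audit(text, min_kdcs=2):
    """List (realm, problem) pairs; min_kdcs is an assumed threshold."""
    findings = []
    for realm, opts in parse_realms(text).items():
        if len(opts.get("kdc", [])) < min_kdcs:
            findings.append((realm, "fewer than %d kdc entries" % min_kdcs))
        if len(opts.get("admin_server", [])) != 1:   # per the message: one admin server
            findings.append((realm, "expected exactly one admin_server"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_KRB5_CONF))
```
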
On Tue, 2006-03-07 at 08:01 -0500, deley@xxxxxxxxxx wrote:
> We are looking at doing the same thing. Has anyone gotten this to work?
>
> Thank you,
>
> David Eley
>
> ----- Original Message -----
> From: Peter Michalek <peter@xxxxxxxxxxxx>
> Date: Wednesday, March 1, 2006 3:06 pm
> Subject: lvs with ssh with kerberos
> To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
>
> > Hello,
> >
> > I'd be interested to know if LVS can be used and setup for silent
> > login (no password prompting, i.e. using ticket forwarding) using
> > ssh and kerberos.
> > In the FAQ, I didn't find any mention of kerberos or what's needed to
> > set this up or if it's at all possible:
> >
> > Has anyone made this work?
> >
> > Thanks,
> >
> > Peter
> >
> >
> > _______________________________________________
> > LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> > Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> > or go to http://www.in-addr.de/mailman/listinfo/lvs-users
> >