
Re: [lvs-users] SSO (single sign on) problem with loadbalancer

To: "LinuxVirtualServer.org users mailing list." <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [lvs-users] SSO (single sign on) problem with loadbalancer
From: "Huesser Peter" <peter.huesser@xxxxxx>
Date: Fri, 5 Feb 2010 18:25:49 +0100
The funny thing is that no packages are sent to the Kerberos server if I
contact the VIP. Contacting the real server immediately initiates some
communication with the Kerberos server. I already thought it could be a
problem with the loopback interface for the VIP one has to configure on
the real servers to make direct routing work. But maybe I am
completely wrong. I already checked the Kerberos configuration and the
keytab files. For me they look fine.

Do you mean it should in principle work, so SSO and loadbalancing do
not bite each other?

Pedro

> From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx [mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On behalf of Graeme Fowler
> Sent: Friday, 5 February 2010 13:00
> To: LinuxVirtualServer.org users mailing list.
> Subject: Re: [lvs-users] SSO (single sign on) problem with loadbalancer
> 
> On Fri, 2010-02-05 at 10:23 +0100, Huesser Peter wrote:
> > None of this works. Connecting directly to the host sso works fine if
> > I use the first or third keytab file but connecting via loadbalancer
> > does not work. So I have two questions:
> >
> > -   Does somebody have a similar situation which works?
> > -   If yes: any ideas what could be wrong in my settings?
> 
> It sounds like the load-balanced service isn't aware that it has a
> "virtual" hostname. If the tickets with the server hostnames work, but
> the one with the virtual hostname as the SPN doesn't, then the
> application or server(s) aren't aware of the virtual SPN.
> 
> This is almost certainly a kerberos mapping problem, rather than an LVS
> one.
> 
> Graeme
> 
> 
> _______________________________________________
> Please read the documentation before posting - it's available at:
> http://www.linuxvirtualserver.org/
> 
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users

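The diagnosis quoted above is that the real servers are not aware of the virtual hostname's SPN. As an added example (not part of the thread or of LVS), this Python sketch parses a version 0x0502 keytab and reports which expected SPNs are missing; the hostnames, realm, the `HTTP` service name and the sample keytab are constructed assumptions.

```python
import struct

def build_entry(realm, components, kvno=1, enctype=18, key=b"\x00" * 32):
    """Build one constructed keytab entry (file format 0x0502) for the demo."""
    counted = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(components)) + counted(realm.encode())
    body += b"".join(counted(c.encode()) for c in components)
    body += struct.pack(">IIB", 1, 0, kvno)      # name type, timestamp, 8-bit kvno
    body += struct.pack(">H", enctype) + counted(key)
    return struct.pack(">i", len(body)) + body

def keytab_principals(data):
    """Return the set of principals ('svc/host@REALM') stored in keytab bytes."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    pos, found = 2, set()
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                 # negative length marks a deleted entry (hole)
            pos += -size
            continue
        end, p = pos + size, pos
        (ncomp,) = struct.unpack_from(">H", data, p)
        p += 2
        parts = []
        for _ in range(ncomp + 1):    # realm first, then the name components
            (n,) = struct.unpack_from(">H", data, p)
            parts.append(data[p + 2:p + 2 + n].decode())
            p += 2 + n
        found.add("/".join(parts[1:]) + "@" + parts[0])
        pos = end                     # skip timestamp, kvno and key material
    return found

def missing_spns(data, service, hostnames, realm):
    """List expected SPNs (one per hostname) that the keytab does not contain."""
    have = keytab_principals(data)
    want = [f"{service}/{h}@{realm}" for h in hostnames]
    return [spn for spn in want if spn not in have]

# Constructed sample: a real server's keytab that lacks the virtual hostname.
SAMPLE = (b"\x05\x02"
          + build_entry("EXAMPLE.TEST", ["HTTP", "rs1.example.test"])
          + struct.pack(">i", -6) + b"\x00" * 6          # a hole left by a removed key
          + build_entry("EXAMPLE.TEST", ["host", "rs1.example.test"]))

if __name__ == "__main__":
    hosts = ["rs1.example.test", "www.example.test"]     # real server + VIP name
    print(missing_spns(SAMPLE, "HTTP", hosts, "EXAMPLE.TEST"))
```

Run against each real server's keytab, an SPN listed as missing for the VIP name means that server cannot decrypt tickets issued for the virtual hostname.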