Kerberos master/master sync using OpenLDAP N-Way Multi-Master

I haven't seen this idea posted anywhere.  The new version of OpenLDAP (I'm
using 2.4.15) has the ability to run in a multi-master mode.  I was able to
set up two servers that each ran a Kerberos instance as well as an OpenLDAP
instance that had ldap and kerberos failover.  I now don't need to worry
about doing any sync with Kerberos, as LDAP does it all. I can also run
kadmin against either of the kerberos servers. Some tests I did that were
pretty successful were:

Realm setup:
  kdc = kdc01.security.lab.comcast.net:88
  kdc = kdc02.security.lab.comcast.net:88

Turn off kdc on kdc01 -> successfully authenticated with kdc02
Turn on kdc but turn off ldap on kdc01 -> successfully authenticated with
kdc02

The failover works exactly as expected.

-- 
MAT
3/11/2009 11:13:33 PM
comp.protocols.kerberos
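
A replication check for a setup like the one in the post, added here as an example and not the poster's code: it compares the `contextCSN` values each OpenLDAP 2.4 provider publishes on its suffix entry, because a KDC whose directory lags still answers from the older principal data (old keys, not-yet-deleted principals) when clients fail over to it. The sample values and the names `KDC01`/`KDC02` are constructed; real values come from a base-scope search for `contextCSN` on each server.

```python
"""Added example: compare contextCSN values from two OpenLDAP multi-master providers."""
from datetime import datetime

# Constructed sample values (not from the post). Real ones come from a
# base-scope search for the contextCSN attribute on each provider's suffix.
KDC01 = ["20090311231333.000000Z#000000#001#000000",
         "20090311231210.000000Z#000000#002#000000"]
KDC02 = ["20090311231301.000000Z#000000#001#000000",
         "20090311231210.000000Z#000000#002#000000"]


def parse_csn(csn):
    """Split an OpenLDAP 2.4 CSN: <timestamp>#<count>#<serverID>#<mod> (hex fields)."""
    stamp, count, sid, mod = csn.strip().split("#")
    when = datetime.strptime(stamp, "%Y%m%d%H%M%S.%fZ")
    return int(sid, 16), (when, int(count, 16), int(mod, 16))


def newest_by_sid(csns):
    """Keep the highest CSN seen for each serverID."""
    newest = {}
    for raw in csns:
        sid, key = parse_csn(raw)
        if sid not in newest or key > newest[sid]:
            newest[sid] = key
    return newest


def compare_providers(a_csns, b_csns):
    """Return {serverID: (state, gap_seconds)} for providers A and B."""
    a, b = newest_by_sid(a_csns), newest_by_sid(b_csns)
    report = {}
    for sid in sorted(set(a) | set(b)):
        if sid not in a or sid not in b:
            report[sid] = ("missing", None)      # one side never saw this writer
        elif a[sid] == b[sid]:
            report[sid] = ("in-sync", 0.0)
        else:
            behind = "b" if a[sid] > b[sid] else "a"
            gap = abs((a[sid][0] - b[sid][0]).total_seconds())
            report[sid] = (behind + "-behind", gap)
    return report


if __name__ == "__main__":
    for sid, (state, gap) in compare_providers(KDC01, KDC02).items():
        print(f"serverID {sid:03x}: {state} gap={gap}")
```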
