Kerberos master/master sync using OpenLDAP N-Way Multi-Master

I haven't seen this idea posted anywhere.  The new version of OpenLDAP (I'm
using 2.4.15) has the ability to run in a multi-master mode.  I was able to
set up two servers that each ran a Kerberos instance as well as an OpenLDAP
instance that had ldap and kerberos failover.  I now don't need to worry
about doing any sync with Kerberos, as LDAP does it all. I can also run
kadmin against either of the kerberos servers. Some tests I did that were
pretty successful were:

Realm setup:
  kdc = kdc01.security.lab.comcast.net:88
  kdc = kdc02.security.lab.comcast.net:88

Turn off kdc on kdc01 -> successfully authenticated with kdc02
Turn on kdc but turn off ldap on kdc01 -> successfully authenticated with

The failover works exactly as expected.

3/11/2009 11:13:33 PM
comp.protocols.kerberos