nss_ldap + krb5 + nscd + Windows AD 2003 Failover Concern
Dear all,
I have the components named in the subject configured to provide single sign-on on a Linux box against W2K3 AD.
I have a concern about the failover behaviour when the W2K3 AD fails over.
I have three W2K3 AD servers running as a Windows cluster, and one is the master Kerberos server.
If the master KDC server is down:
# An already cached user (probably cached by nscd) can log in by su or ssh.
And the new password changed by the slave server that took over as KDC takes effect.
# A non-cached user, though, cannot even log in by su or ssh, and finally ends up with "user doesn't exist".
Some users of this kind can issue kinit, but some cannot.
I am wondering: if krb5.conf can only specify one admin_server (the master Kerberos server), how does it handle the failover situation when this master server is down? Has anyone out there tried this approach and had a similar concern? Let's share.
Thank you very much.
Best,
Jacky