Re: Hardware Load Balance of Kerberos



Joe,

In MOST cases you are correct... BUT... in some cases you are not. In the case of LDAP, take a poorly written app that requires an IP address entered for the LDAP host... or, in the Kerberos case, a device that depends on a krb5.conf file... now I know that I could add additional kdc entries to the krb5.conf file, but I don't care to manage that on a large number of devices. So, do you have any information that would address this scenario, or a constructive reply to my original question?

Thanks!!

Geoff



Joe Richards [MVP] wrote:
You shouldn't have to for LDAP nor Kerberos, there is load balancing and redirection built into the product.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================

Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================


Geoff wrote:
Hello everyone

Has anyone here used a Hardware Load Balancer device such as Cisco Arrowpoint to load balance AD Kerberos? We currently do it for AD DNS and AD LDAP, and I'm investigating doing it for Kerberos as well.

Thanks,

Geoff