Hi!
Just to share with you I applied the approach described in this
MIT Kerberos admin guide [1]. We used an alias (an "A" DNS record
with PTR (reverse DNS)) as the Service Principal for our keytab.
Actually we used the DNS alias created for the front-end apache
httpd used as load balancer in our KC setup.
___ Rafael T. C. Soares
Hi!
How should I generate my Kerberos keytab file to use in a KC clustered domain (multiple hosts)?
I have to create a keytab for each KC Host? When I create the keytab I have to inform the Service Principal (eg ' HTTP/myhost.example.com@MYDOM.COM'). But how the KC will know which Service Principal it should use if I have different KC instances distributed in different hosts? Is there a way to create a Service Principal on a keytab that serves for the entire cluster regardless the KC host instance?
Thanks in advance?
-- ___ Rafael T. C. Soares