Hi!
Just to share with you: I applied the approach described in this MIT
Kerberos admin guide [1]. We used an alias (an "A" DNS record with PTR
(reverse DNS)) as the Service Principal for our keytab. Actually, we used
the DNS alias created for the front-end Apache httpd used as the load
balancer in our KC setup.
[1] Principal names and DNS -
https://web.mit.edu/kerberos/krb5-1.11/doc/admin/princ_dns.html
___
Rafael T. C. Soares
On 07/26/2016 10:27 PM, Rafael T. C. Soares wrote:
Hi!
How should I generate my Kerberos keytab file for use in a KC clustered
domain (multiple hosts)?
Do I have to create a keytab for each KC host? When I create the keytab, I
have to specify the Service Principal (e.g.
'HTTP/myhost.example.com@MYDOM.COM'). But how will KC know which
Service Principal it should use if I have different KC instances
distributed across different hosts? Is there a way to create a Service
Principal in a keytab that serves the entire cluster regardless of
the KC host instance?
Thanks in advance!
--
___
Rafael T. C. Soares
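
Added illustration, not part of the original messages and not Keycloak or MIT code: a simplified model of the forward-then-reverse hostname canonicalization described in the MIT guide cited as [1], showing why the alias needs its own "A" record with a matching PTR for a single keytab principal to serve the whole cluster. All host names and addresses are constructed, and real clients (browsers in particular) may canonicalize differently.

```python
# Constructed DNS data for illustration; every name and address is made up.
REALM = "MYDOM.COM"
CNAME = {"sso-cname.example.com": "kc1.example.com"}
A = {
    "sso.example.com": "192.0.2.10",         # load-balancer alias, own A record
    "sso-badptr.example.com": "192.0.2.20",  # alias whose PTR was never aligned
    "kc1.example.com": "192.0.2.21",         # one cluster node
}
PTR = {
    "192.0.2.10": "sso.example.com",         # reverse DNS points back to the alias
    "192.0.2.20": "lb-node7.example.com",    # reverse DNS names the physical box
    "192.0.2.21": "kc1.example.com",
}


def canonicalize(host, rdns=True):
    """Model: forward lookup (following CNAMEs), then optional reverse lookup."""
    host = host.lower().rstrip(".")
    seen = set()
    while host in CNAME:                     # forward lookup yields the CNAME target
        if host in seen:
            raise ValueError("CNAME loop")
        seen.add(host)
        host = CNAME[host]
    addr = A.get(host)
    if addr is None:                         # unresolvable: keep the name as given
        return host
    if rdns and addr in PTR:                 # reverse lookup replaces the name
        host = PTR[addr]
    return host


def service_principal(host, service="HTTP", rdns=True):
    """Principal a client would request a ticket for when contacting `host`."""
    return f"{service}/{canonicalize(host, rdns)}@{REALM}"


def keytab_serves(keytab_principals, url_host, rdns=True):
    """True if the shared keytab holds the principal the client will ask for."""
    return service_principal(url_host, rdns=rdns) in keytab_principals


# One keytab, copied to every node, holding only the alias principal.
KEYTAB = {"HTTP/sso.example.com@MYDOM.COM"}

if __name__ == "__main__":
    for name in ("sso.example.com", "sso-cname.example.com", "sso-badptr.example.com"):
        print(name, "->", service_principal(name), keytab_serves(KEYTAB, name))
```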