[keycloak-user] Kerberos keytab in a Clustered KC setup
Rafael T. C. Soares
rsoares at redhat.com
Fri Jul 29 18:26:05 EDT 2016
Hi!
Just to share with you: I applied the approach described in this MIT
Kerberos admin guide [1]. We used an alias (an "A" DNS record with PTR
(reverse DNS)) as the Service Principal for our keytab. Actually, we used
the DNS alias created for the front-end Apache httpd used as the load
balancer in our KC setup.
[1] Principal names and DNS -
https://web.mit.edu/kerberos/krb5-1.11/doc/admin/princ_dns.html
___
Rafael T. C. Soares
On 07/26/2016 10:27 PM, Rafael T. C. Soares wrote:
>
> Hi!
>
> How should I generate my Kerberos keytab file to use in a KC clustered
> domain (multiple hosts)?
> Do I have to create a keytab for each KC host? When I create the keytab I
> have to inform the Service Principal (e.g.
> 'HTTP/myhost.example.com at MYDOM.COM'). But how will KC know which
> Service Principal it should use if I have different KC instances
> distributed across different hosts? Is there a way to create a Service
> Principal on a keytab that serves the entire cluster regardless of
> the KC host instance?
>
> Thanks in advance!
> --
> ___
> Rafael T. C. Soares
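
An added example, not part of the original messages: a Python check that the load balancer alias has an A record whose PTR points back to the same name, which matters because MIT Kerberos clients by default canonicalize the host name through forward and reverse DNS before building the service principal. The host names, addresses and function names are constructed for illustration.

```python
import socket

def check_alias_spn(alias, realm, forward=None, reverse=None):
    """Return (spn, problems) for the cluster-wide alias.

    forward(name) -> list of IPv4 strings, reverse(ip) -> host name;
    both default to the system resolver and raise OSError on failure.
    """
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    alias = alias.rstrip(".").lower()
    spn = f"HTTP/{alias}@{realm}"
    try:
        addrs = forward(alias)
    except OSError as exc:
        return spn, [f"no A record for {alias}: {exc}"]
    problems = []
    for ip in addrs:
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append(f"{ip}: no PTR record ({exc})")
            continue
        if ptr != alias:
            # Reverse lookup yields a node name, not the shared alias.
            problems.append(f"{ip}: PTR is {ptr}, so a client using "
                            f"reverse DNS asks for HTTP/{ptr}@{realm}")
    return spn, problems

# Constructed zone data standing in for real DNS (assumed values).
SAMPLE_A = {"sso.example.com": ["192.0.2.10"],
            "kc.example.com": ["192.0.2.20"],
            "lb2.example.com": ["192.0.2.30"]}
SAMPLE_PTR = {"192.0.2.10": "sso.example.com",
              "192.0.2.20": "kc-node1.example.com"}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(f"{name} not found")
    return SAMPLE_A[name]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(f"{ip} has no PTR")
    return SAMPLE_PTR[ip]

if __name__ == "__main__":
    for host in ("sso.example.com", "kc.example.com", "lb2.example.com"):
        print(check_alias_spn(host, "MYDOM.COM", sample_forward, sample_reverse))
```

Called without the two sample resolvers, the function queries the system resolver; an empty problem list means the returned principal is the one to put in the keytab shared by the cluster.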