Failover question - Kerberos

This is a discussion on Failover question - Kerberos ; This is probably a stupid question but the docs I have been reading have forced me to ask. If the master goes down the slave should automatically pick up the authentication requests, correct? So far, from what I have read, ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Failover question

  1. Failover question

    This is probably a stupid question but the docs I have been reading have forced
    me to ask. If the master goes down the slave should automatically pick up the
    authentication requests, correct?

    So far, from what I have read, it says that I need to copy the db over, stop the
    master, start a couple of services on the slave, the then bring up the slave to
    be able to answer requests.

    If this is the case, should I instead run two masters with one backing up the db
    to the other?

    Thanks for all the help,

    Jon

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Failover question


    Here's what we do...

    There's one master KDC and two slaves. The master propagates it's
    database to the slaves every 5 minutes if there were any changes. All of
    the servers have the same startup script that detects the existence of a
    file. If said file exists, it starts the server as a master (with
    kadmind), otherwise it starts as a slave (without kadmind).

    krb5.conf is configured with CNAMEs for the actual servers.

    So, in the case of a failure:
    1) Turn off the failed master.
    2) Create the master indicating file on one of the slaves.
    3) Restart services on the slave.
    4) Change the master kerberos server CNAME to point to the new master.
    5) Reconfigure propagation from the new master to the remaining slave.

    After fixing the failed system we can bring it back up as a slave and put
    it back in the pool.

    -Mike

    > This is probably a stupid question but the docs I have been reading have forced
    > me to ask. If the master goes down the slave should automatically pick up the
    > authentication requests, correct?
    >
    > So far, from what I have read, it says that I need to copy the db over, stop the
    > master, start a couple of services on the slave, the then bring up the slave to
    > be able to answer requests.
    >
    > If this is the case, should I instead run two masters with one backing up the db
    > to the other?
    >
    > Thanks for all the help,
    >
    > Jon
    >
    > ________________________________________________
    > Kerberos mailing list Kerberos@mit.edu
    > https://mailman.mit.edu/mailman/listinfo/kerberos
    >

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread