In the course of setting up remctl for our AFS infrastructure, I was wondering how other sites expose remctld servers to their users. Do you have a hostname that's dedicated to this service, such as remctl.example.edu?
In our environment we're going to run remctld on our AFS VLDB servers and our Kerberos KDCs. I was brainstorming about how useful and feasible it would be to have remctl look up SRV records for a domain, and then contact those hosts, like Kerberos or AFS does.

One of the problems I foresee is that sometimes you want a task to run on an AFS VLDB server, and sometimes you want it to run on a Kerberos KDC. If your cell name matches your realm name, having a generic "_remctl._tcp.cell.example.com" SRV entry would not allow you to distinguish between server types.

Does anyone else have ideas for remctl routing and high availability? I guess each remctl application could do a SRV lookup on _kerberos._udp, or _afs3-vlserver._udp, and then contact those servers individually.

- Ken

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
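The per-application lookup described at the end of the message, sketched as an added example (not part of the original post and not remctl's own code): it takes SRV answers for `_kerberos._udp` in `dig +short SRV` format, orders the targets by priority and weight as RFC 2782 describes, and builds one remctl invocation per host. The sample records and the `kadmin status` remctl command are constructed for illustration.

```python
import random
import shlex

# Constructed sample: `dig +short SRV _kerberos._udp.example.com` style answers
# (priority weight port target). Hostnames are placeholders.
SAMPLE_KDC_SRV = """\
10 0 88 kdc2.example.com.
0 0 88 kdc1.example.com.
10 0 88 kdc3.example.com.
"""

def parse_srv(text):
    """Parse 'priority weight port target' lines, skipping malformed ones."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            continue
        prio, weight, port = map(int, fields[:3])
        target = fields[3].rstrip(".").lower()
        if target:  # a target of "." means the service is not offered
            records.append({"priority": prio, "weight": weight,
                            "port": port, "target": target})
    return records

def order_hosts(records, rng=random):
    """Ascending priority; weighted random choice within one priority."""
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        group = [r for r in records if r["priority"] == prio]
        while group:
            # weight + 1 keeps weight-0 records selectable (a simplification)
            weights = [r["weight"] + 1 for r in group]
            pick = rng.choices(group, weights=weights)[0]
            group.remove(pick)
            if pick["target"] not in ordered:
                ordered.append(pick["target"])
    return ordered

def remctl_commands(records, command, subcommand, rng=random):
    """One remctl invocation per host, in failover order.

    The SRV port is ignored on purpose: it is the KDC or VLDB port,
    not the port remctld listens on.
    """
    return [shlex.join(["remctl", host, command, subcommand])
            for host in order_hosts(records, rng)]

if __name__ == "__main__":
    # "kadmin status" is a hypothetical command defined in remctld's config
    for cmd in remctl_commands(parse_srv(SAMPLE_KDC_SRV), "kadmin", "status"):
        print(cmd)
```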
