On Fri, 2014-07-25 at 11:00 +0100, Dameon Wagner wrote: > Using an LDAP backend with multi-master replication _could_ > potentially allow for having more than one active krb5-admin-server in > your realm, but I don't know if this is a supported configuration in > MIT (IIRC Heimdal may allow this, but I'm not sure if OpenLDAP's > multi-master replication is mature enough to recommend or rely on it > for something as core as Kerberos).
Multi-master replication works fine, and is arguably the only sensible reason to use the LDAP backend in the first place --- it's slower and more painful to manage compared to the standard backend. -- -- brandon s allbery kf8nh sine nomine associates [email protected] [email protected] unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
