roy liang via FreeIPA-users wrote:
What is the access mechanism of kdc? For example, I have the
following configuration. When a kdc user logs in, is his access mechanism sequential or
random or hash access?
So when will the second visit, the third visit...Or the last one?
Or will you only access the second one when the first one fails?
Is there any documentation? I looked up the documentation, and it doesn't specify
this, because I don't know how to optimize and determine where the problem is when the
number of connections is under pressure.
Ask for help, thank you!
IIRC it always starts at the top and on failure the Kerberos client will
try the next kdc in the list.
IMHO you are much better off using DNS discovery for finding the KDCs.
https://web.mit.edu/kerberos/krb5-latest/doc/admin/realm_config.html
rob
.....
[realms]
YYDEVOPS.COM = {
admin_server =
kdc01.xx.com
kdc = kdc01.xx.com:41012
kdc = kdc01.xx.com:41013
kdc = kdc01.xx.com:41011
kdc = kdc01.xx.com:41014
kdc = kdc01.xx.com:88
kdc = kdc02.xx.com:88
kdc = kdc03.xx.com:88
kdc = kdc04.xx.com:88
}
.....
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue