As far as I know krb5.conf does not have limitations on the number of KDCs that can be
listed:
https://web.mit.edu/kerberos/krb5-1....krb5_conf.html
I have 3 servers that I would like to be read. I have no problem with at least two being
listed there.

kdc=server1
kdc=server2

When I shut down server1, authentication happens without trouble against server2. But when I
list 3 servers there

kdc=server1
kdc=server2
kdc=server3

and shut down server1 and server2, authentication fails.
My theories about this are:
1. There is a variable that specifies max number of kdcs. Seems unlikely.
2. Bug. Also unlikely.
3. There is a variable that specifies total number of seconds to wait before giving up.

I tried playing with max_timeout and max_retries but that didn't help.
I'm drawing a blank as to why only the first two kdc lines are honored and would appreciate
any advice.
PS: I would also be interested in more information on relationship between sssd.conf and
krb5.conf
It seems like I can configure sssd.conf with ipa_server=_srv_, <explicit fqdn>. Then
why is krb5.conf necessary at all?