On Sat, Oct 31, 2020 at 01:02:34AM -0400, Greg Hudson wrote: > In the MIT krb5 implementation, they are tried in the order specified, > with a 1s delay in between. I can't speak to the Java implementation, > unfortunately.
Ah, so each subsequent server is only used if all the ones before it failed? There's no mechanism for load balancing when using file based kdc configuration? We're currently using DNS SRV records and all of our kdc's seems to have fairly equal load. Are DNS SRV records handled differently in terms of distributing load, or is that just a side effect of the resolver handing them back in a different order for each lookup? > The request would fail with an unreachable error, in the MIT implementation. Thanks for the info. It doesn't look like the java implementation tries the listed master anyway for a password failure, it just immediately errors out. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
