Re: Selective kdc discovery

2020-11-04 Thread Greg Hudson
On 11/5/20 12:53 AM, Paul B. Henson wrote:
> We're currently using DNS SRV records and all of our kdc's seem to have
> fairly equal load. Are DNS SRV records handled differently in terms of
> distributing load, or is that just a side effect of the resolver handing
> them back in a different order

Re: Selective kdc discovery

2020-11-04 Thread Paul B. Henson
On Sat, Oct 31, 2020 at 12:12:04PM +, Roland C. Dowdeswell wrote:
> Last I checked with the Java implementation which is granted a very
> long time ago (maybe 2012), they were used in order retrying failures
> three times. I think that the default timeout was 30s between each
> attempt meanin

Re: Selective kdc discovery

2020-11-04 Thread Paul B. Henson
On Sat, Oct 31, 2020 at 01:02:34AM -0400, Greg Hudson wrote:
> In the MIT krb5 implementation, they are tried in the order specified,
> with a 1s delay in between. I can't speak to the Java implementation,
> unfortunately.
Ah, so each subsequent server is only used if all the ones before it fail

Re: Selective kdc discovery

2020-11-01 Thread Grant Taylor
On 10/29/20 12:13 PM, Paul B. Henson wrote: Any other suggestions for achieving a separate primary/failover configuration for two different network locations in a fashion that would work properly with the Java kerberos client? I have no idea if this would work or not. But I would consider DNS

Re: Selective kdc discovery

2020-10-31 Thread Roland C. Dowdeswell
On Sat, Oct 31, 2020 at 01:02:34AM -0400, Greg Hudson wrote:
>
> In the MIT krb5 implementation, they are tried in the order specified,
> with a 1s delay in between. I can't speak to the Java implementation,
> unfortunately.
Last I checked with the Java implementation which is granted a very lon

Re: Selective kdc discovery

2020-10-30 Thread Greg Hudson
On 10/29/20 2:13 PM, Paul B. Henson wrote:
> In the krb5.conf file, you can specify kdc's statically, but there is no
> mechanism for prioritizing them or indicating which ones should be tried
> first.
In the MIT krb5 implementation, they are tried in the order specified, with a 1s delay in betw