Hi, In Kerberos SSO, there are 3 solutions to define KDC server left blank : use DNS to find kerberos server with SRV record : not recommended by F5, requires change of /etc/krb5.confKDC hostname : use DNS to resolve kerberos IP from provided name : a little betterKDC IP : recommended by F5 When configuring hostname or IP, I did not find how to configure more than one server. The only solution I found was to create a VS listening on all ports (to allow LDAP and Kerberos ports, UDP and TCP) Is it the solution? is there a solution to configure more than one server? can we configure a pool like in AD Auth?

Yes, You would need to use a separate VS to accomplish this. Just point the KDC to the VIP and the pool members to the KDCs. -Seth

Forum Discussion

Cumulonimbus

Mar 24, 2016

Hi,

In Kerberos SSO, there are 3 solutions to define KDC server

left blank : use DNS to find kerberos server with SRV record : not recommended by F5, requires change of /etc/krb5.conf
KDC hostname : use DNS to resolve kerberos IP from provided name : a little better
KDC IP : recommended by F5

When configuring hostname or IP, I did not find how to configure more than one server.

The only solution I found was to create a VS listening on all ports (to allow LDAP and Kerberos ports, UDP and TCP)

Is it the solution? is there a solution to configure more than one server? can we configure a pool like in AD Auth?