APM : Multiple servers for Kerberos SSO

Question

Hi,&nbsp;
In Kerberos SSO, there are 3 solutions to define KDC server&nbsp;
left blank : use DNS to find kerberos server with SRV record : not recommended by F5, requires change of  /etc/krb5.confKDC hostname : use DNS to resolve kerberos IP from provided name : a little betterKDC IP : recommended by F5
When configuring hostname or IP, I did not find how to configure more than one server.&nbsp;
The only solution I found was to create a VS listening on all ports (to allow LDAP and Kerberos ports, UDP and TCP)&nbsp;
Is it the solution? is there a solution to configure more than one server? can we configure a pool like in AD Auth?&nbsp;

seth_cooper · Answer

Yes, You would need to use a separate VS to accomplish this.  Just point the KDC to the VIP and the pool members to the KDCs.&nbsp;
-Seth&nbsp;

Forum Discussion

APM : Multiple servers for Kerberos SSO

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Multiple server with one VS

Kerberos Is Easy - Part 1

iRule for multiple host to multiple pools and redirect path on one host.

multiple certificate on one virtual server

Multiple Port Load Balancing