On Fri, Jul 24, 2020 at 10:44:34AM +0200, Klaus Brandl wrote: > > but then you have a single point of failure, if your loadbalancer is down, > nothing will work. We need a solution, that each system can work by itself. > So > at the moment we merge the keytabs of each system together, and we are able > to > takeover the addresses of the other systems. Then we have no loadbalancing, > but a fallback solution, what is more important on our systems. >
No, you don't have a single point of failure, this is why I mentioned using ktutil (well, I said ktadmin, my bad). You merge the keytab for the machine with the keytab for the HA user. This way the clients are able to both auth to the HA and to the the underlying machine. It is what we do, it works fine. -- Brett Lymn This email has been sent on behalf of one of the following companies within the BAE Systems Australia group of companies: BAE Systems Australia Limited - Australian Company Number 008 423 005 BAE Systems Australia Defence Pty Limited - Australian Company Number 006 870 846 ASC Shipbuilding Pty Limited - Australian Company Number 051 899 864 BAE Systems Australia's registered office is Evans Building, Taranaki Road, Edinburgh Parks, Edindurgh, South Australia, 5111. ASC Shipbuilding's registered office is Level 2, 80 Flinders Street, Adelaide, South Australia, 5000. If the identity of the sending company is not clear from the content of this email, please contact the sender. This email and any attachments may contain confidential and legally privileged information. If you are not the intended recipient, do not copy or disclose its content, but please reply to this email immediately and highlight the error to the sender and then immediately delete the message. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
