The information in this article applies to:
Product: Knowledge Exchange
Version: 6.1.x
Issue
- Can multiple domain controllers per realm be specified in krb5.ini in order to provide failover coverage?
Resolution
Yes, this can be done as shown below.
krb5.ini with 1 domain controller (192.168.101.91):
\[libdefaults\] default\_realm=PROVISIONSUPPORT.COM default\_tkt\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 default\_tgs\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 kdc\_req\_checksum\_type=2 ccache\_type=2 ticket\_lifetime=600 \[realms\] PROVISIONSUPPORT.COM = \{ kdc = 192.168.101.91 admin\_server = 192.168.101.91 default\_domain = PROVISIONSUPPORT.COM \} \[domain\_realm\] .provisionsupport.com = PROVISIONSUPPORT.COM provisionsupport.com = PROVISIONSUPPORT.COM \[appdefaults\] autologin=true forward=true forwardable=true encrypt=true
Revised krb5.ini after adding 2 more domain controllers (192.168.101.92, 192.168.101.93):
\[libdefaults\] default\_realm=PROVISIONSUPPORT.COM default\_tkt\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 default\_tgs\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted\_enctypes=rc4-hmac des-cbc-md5 des-cbc-crc des3-cbc-sha1 kdc\_req\_checksum\_type=2 ccache\_type=2 ticket\_lifetime=600 \[realms\] PROVISIONSUPPORT.COM = \{ kdc = 192.168.101.91 kdc = 192.168.101.92 kdc = 192.168.101.93 admin\_server = 192.168.101.91 default\_domain = PROVISIONSUPPORT.COM \} \[domain\_realm\] .provisionsupport.com = PROVISIONSUPPORT.COM provisionsupport.com = PROVISIONSUPPORT.COM \[appdefaults\] autologin=true forward=true forwardable=true encrypt=true
