Can multiple KDCs be set up within a realm in an Active Directory integration

Article ID: 160549

Products

Data Loss Prevention Enforce

Issue/Introduction

Can multiple KDCs be set up within an Active Directory (AD) integration?

Resolution

Yes. You can list multiple KDCs for a realm in your krb5.conf file by giving the realm one kdc entry per KDC. The general format is:

    [realms]
    MY.REALM.COM = {
        kdc = KDC1.MY.REALM.COM
        kdc = KDC2.MY.REALM.COM
    }


For another example of a multiple-KDC setup, see the krb5.conf template at
http://www.fnal.gov/docs/strongauth/krb5conf.html

16.4 krb5.conf.template
[....]

    FNAL.GOV = {
        kdc = krb-fnal-1.fnal.gov:88
        kdc = krb-fnal-2.fnal.gov:88
        kdc = krb-fnal-3.fnal.gov:88
        kdc = krb-fnal-4.fnal.gov:88
        kdc = krb-fnal-5.fnal.gov:88
        kdc = krb-fnal-6.fnal.gov:88
        admin_server = krb-fnal-admin.fnal.gov
        master_kdc = krb-fnal-admin.fnal.gov:88
        default_domain = fnal.gov
    }
    WIN.FNAL.GOV = {
        kdc = littlebird.win.fnal.gov:88
        kdc = bigbird.win.fnal.gov:88
        default_domain = fnal.gov
    }
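A way to check a krb5.conf before deploying it, as an added example that is not part of the original article or the product: it lists the kdc entries found for each realm under [realms] and reports realm blocks that are never closed or that name fewer than two KDCs. The function name and sample hosts are hypothetical, and the script assumes that a lowercase key followed by "= {" inside a realm is a nested subsection rather than a new realm.

```python
import re
# Constructed sample: realm and host names are placeholders, not a real deployment.
SAMPLE = """\
[libdefaults]
    default_realm = MY.REALM.COM
[realms]
    MY.REALM.COM = {
        kdc = KDC1.MY.REALM.COM
        kdc = KDC2.MY.REALM.COM:88
    }
    LAB.REALM.COM = {
        kdc = KDC1.LAB.REALM.COM
    OTHER.REALM.COM = {
        kdc = KDC1.OTHER.REALM.COM
    }
"""

def parse_realm_kdcs(text):
    """Return ({realm: [kdc, ...]}, [problems]) for the [realms] section."""
    realms, problems = {}, []
    section, current, nested = None, None, 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        opener = re.fullmatch(r"(\S+)\s*=\s*\{", line)
        if opener and current and opener.group(1).islower():
            nested += 1                          # assumed nested subsection, not a realm
            continue
        if current and (header or opener):       # something new starts inside an open realm
            problems.append(f"line {lineno}: realm {current} has no closing brace")
            current, nested = None, 0
        if header:
            section = header.group(1)
        elif opener and section == "realms":
            current = opener.group(1)
            realms.setdefault(current, [])
        elif line == "}" and nested:
            nested -= 1                          # closes the nested subsection
        elif line == "}":
            current = None                       # closes the realm block
        elif current and not nested and (m := re.fullmatch(r"kdc\s*=\s*(\S+)", line)):
            realms[current].append(m.group(1))
    if current:
        problems.append(f"end of file: realm {current} has no closing brace")
    problems += [f"realm {r}: fewer than two kdc entries" for r, k in realms.items() if len(k) < 2]
    return realms, problems
```

Calling parse_realm_kdcs(SAMPLE) returns the per-realm KDC lists together with the problems found in the constructed input.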

 

See also TECH220384 - Does Enforce support multiple Active Directory realms?