IBM Security Verify

 View Only
  • 1.  multiple KDCs in kerberos configuration

    Posted Tue May 07, 2019 04:54 AM
    Hi community,

    While configuring kerberos on the ISAM appliance, I would like to configure multiple KDCs in order to not introduce a single point of failure.

    I cannot find documentation where multiple KDCs are configured and I am wondering if it is possible.
    Adding multiple KDCs pass input validation (using space, comma and semi-colon separators) but I am wondering if it is possible and if so, what delimiter I should use...

    Anybody done something like that before?
    Or anybody who could check the source code to see whether it is supported (and how to specify it?)

    Thx

    ------------------------------
    Kristof Goossens
    ------------------------------


  • 2.  RE: multiple KDCs in kerberos configuration

    Posted Tue May 07, 2019 05:00 AM
    Hi Kristof,

    IBM has released an APAR for this:
    https://www-01.ibm.com/support/docview.wss?uid=swg1IJ12191

    Indicating it's not clear from documentation:
    "Multiple KDC values can be defined as a single KDC property with a comma delimitered value list."

    Kind regards

    ------------------------------
    Dries Eestermans
    IS4U
    ------------------------------



  • 3.  RE: multiple KDCs in kerberos configuration

    Posted Tue May 07, 2019 07:05 AM
    Hi Dries,

    Thx for the info. Exactly what I was looking for!

    ------------------------------
    Kristof Goossens
    ------------------------------