[Freeipa-users] On Load Balancers and Kerberos
Dmitri Pal
dpal at redhat.com
Sun Apr 5 18:02:23 UTC 2015
On 04/05/2015 11:55 AM, Simo Sorce wrote:
> I wrote a blog post to clarify a little bit how load balancers and
> Kerberos interact: https://ssimo.org/blog/id_019.html
>
> HTH,
> Simo.
>
Nice article!
Thanks for clarifying it.
However the proxy case has also another option that is not mentioned.
Proxy can terminate the connection but can use s4u2proxy to connect to
real servers. Of cause this would mean that LB can impersonate anyone
(which is definitely not good) but most of the solutions in the list
except for aliasing have significant security implications so it might
make sense to mention this one too.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list