saslauthd and linux-HA

Back Ports backports at gmail.com
Wed Mar 21 08:21:46 EST 2007


Guus,

Firstly, thank you for your reply.

On 3/21/07, Guus Leeuw jr. <guus.leeuw at guusleeuwit.com> wrote:
> Well, look at the krb5kdc.log on your Kerberos server. That should tell you
> at least what's going on in terms of requests.
>
> Without that there is no real debugging from afar.
>
> And as well: Is your saslauthd configured as a unix socket on the mail
> server and does it do TPC/IP traffic to Kerberos? How is that traffic coming
> along into the Kerberos server? Same package or modified source and
> destination headers? What happens to the IP package if mail1 sends a package
> to kdc.domain.com from behind the load balancer? Will the load balancer
> interfere or not?
>
> Loads of things to check... But primarily, check out the logs of the
> Kerberos server.

I actually was pointed to the right direction by the kerberos FAQ,
especially the section on multi-homed machines:

http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbdns

I have part of the author's recommended way implemented here which
appears to be working with very limited testing from my end.

Appreciate your comments.

Regards,
Mustafa.


More information about the Cyrus-sasl mailing list