question Re: Kerberos KDC secondary in Archives of Support Questions (Read Only) https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-KDC-secondary/m-p/149051#M32531 <P>I generally recommend letting DNS handle this. The latest versions of the KRB client will default to resolving the KDC from SRV records in the DNS for the realm. This should be configured by default if you use Microsoft Active Directory (or AWS Simple AD). </P><P>If you want it explicit in your krb5.conf file, you can use DNS round robin with the A/AAA/CNAME and reference that name in krb5.conf. Further, you could have multiple "kdc" entries for a realm in krb5.conf and a master_kdc entry which is only used when there are certain kinds of issues.</P><P>You can always manage the krb5.conf from Ambari inside the Kerberos component configs.</P> Wed, 22 Jun 2016 01:45:05 GMT ewalk 2016-06-22T01:45:05Z Kerberos KDC secondary https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-KDC-secondary/m-p/149050#M32530 <P>Has anyone tried to have a secondary KDC. In production definitely it is not a good approach to have the KDC as a single point of failure. any thoughts or anyone has the steps with them.</P> Fri, 16 Sep 2022 10:26:33 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-KDC-secondary/m-p/149050#M32530 arunpoy 2022-09-16T10:26:33Z Re: Kerberos KDC secondary https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-KDC-secondary/m-p/149051#M32531 <P>I generally recommend letting DNS handle this. The latest versions of the KRB client will default to resolving the KDC from SRV records in the DNS for the realm. This should be configured by default if you use Microsoft Active Directory (or AWS Simple AD). </P><P>If you want it explicit in your krb5.conf file, you can use DNS round robin with the A/AAA/CNAME and reference that name in krb5.conf. Further, you could have multiple "kdc" entries for a realm in krb5.conf and a master_kdc entry which is only used when there are certain kinds of issues.</P><P>You can always manage the krb5.conf from Ambari inside the Kerberos component configs.</P> Wed, 22 Jun 2016 01:45:05 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-KDC-secondary/m-p/149051#M32531 ewalk 2016-06-22T01:45:05Z