Announcement Announcement Module
No announcement yet.
Spring security kerberos - IIS loadbalancer Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring security kerberos - IIS loadbalancer

    Hello everyone,

    My application needs kerberos integration so I gave spring-security-kerberos a try. I made the sample work just fine on one server, but now I want to use it in a more complex scenario, closer to reality.

    The setup is as follows:

    2 application servers on linux (srv1 and srv2)
    1 windows 2003 server with
    - IIS (load balancer to srv1 and srv2)
    - Active Directory (Kerberos)
    - DNS

    - srv1 and srv2 are in the domain (srv1.mydomain.internal and srv2.mydomain.internal)
    - MS server is in the domain (main.mydomain.internal)
    - client computer (windows XP machine) is in the domain (cl1.mydomain.internal)

    My question is how do I make the configuration so that my client can use the application thru the load balancer ? From client I want to access the application on url https://main.mydomain.internal

    - Do I have only 1 keytab for the loadbalancer machine that I put on srv1 and srv2 ?
    - Do I have 2 keytabs, one for each application server ? What happens if some requests go to srv1 and some to srv2 ?

    Is there any special configuration that I need to do on the IIS for the communication between the client and the app server over kerberos ? I use IIS only for loadbalancing, not for authentication or anything else.

    Please share your expertise.