Do I just add more to:
REALM.COM = {kdc = kdc1.realm.com
kdc = kdc2.realm.com
...
kdc = kdc100.realm.com}
What would happen when fist 50 KDC fails to respond? Is there some failover or MS Domain Controller Locator implemented (https://technet.microsoft.com/en-us/library/cc961830.aspx) ?
I think you have defined it correctly.
https://web.mit.edu/kerberos/krb5-1.13/doc/admin/install_kdc.html
http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html#sample-krb5-conf-file
HI, thanks for your answer, is it known what is algorithm of choosing "the right one KDC"?
After digging around I found this blog.
https://community.cloudera.com/t5/Cloudera-Manager-Installation/kerberos-High-Availability/m-p/46741