[LON-CAPA-admin] Kerberos Redundancy

[Gabriel Friedmann]

Hey all.

I consider this a lon-capa issue as it is related to the 
authentication of my users.

The lon-capa students here log on with their university assigned 
username and passwords.  I authenticate this via kerberos to 
the Active Directory Domain servers.

in my krb5.conf file i have:
kdc=central.cmich.local

which is the DNS record for the domain.  It returns multiple 
addressed (for the multiple Domain Controllers)

*If* the first reported address is unusable for some reason, 
authentication fails (it does not try another address).  

I know other admins use kerberos to authenticate lon-capa users.  
How do you provide redundancy in this case?

-- Gabriel Friedmann