Yubico Forum

Re: [QUESTION] sync between servers

2014-09-05T23:02:04+01:00

The OTP validating parts can easily be distributed: KSMs need no synchronizing outside of having the YubiKey secrets placed on each of them, and the validation server (YK-KSM) has synchronization built in.

YubiAuth is not yet set up for distributed use, but should work with multiple instances using master/master replication and otherwise identical configuration. I would not recommend having multiple YK-VAL instances using replicated databases however, as this could possibly interfere with the built-in synchronization in unexpected ways.

Statistics: Posted by dain — Fri Sep 05, 2014 11:02 pm

Re: [QUESTION] sync between servers

2014-09-03T22:00:19+01:00

I have the exact same problem.

I need to setup a couple redundant YubiX instances, with local auth. Obviously, maintaining the keys and users across several separate instances is not desirable. Master/master replication with MySQL might work (via a secure channel, like VPN), but which parts need to be replicated?

Also, there's ykval-queue. Which parts of the database are touched by it? Would master/master replication (configured indiscriminately) break ykval-queue?

Can I just master/master replicate the whole database, and just point the YubiX stack, on each server, at the local MySQL - effectively having a duplicated YubiX server? (same DB structure everywhere, etc.) Then ykval-queue would have to be turned off, right?

YubiX is a very interesting concept, but it's not that useful if there's no clear way to setup multiple redundant servers.

I only need a few pointers, what goes where (so to speak), and I'll try to figure out the rest myself. I'm willing to write a HOWTO and post it on the forum, if only someone could answer my questions above and get me started.

Statistics: Posted by FlorinAndrei — Wed Sep 03, 2014 10:00 pm

[QUESTION] sync between servers

2014-05-07T14:18:18+01:00

We want to use YubiX with multiple servers ( with yubico cloud auth and local users database for now).

What the best approach to sync users between servers. So far I am thinking about simple mysql replication from master to slaves but I don't want to to complicate things if "more correct" way available.

Thank you.

Statistics: Posted by nvitaly — Wed May 07, 2014 2:18 pm