scaling problems

Jeffrey Altman jaltman2 at nyc.rr.com
Wed Apr 14 13:08:53 EDT 2004


denis.havlik at t-mobile.at wrote:
> Hi, folks
> 
> 2) Users wouldn't be happy if they were unable to login one hour every 
> time they change password. 
> 
> So, logical consequence is that master must answer all TGT requests. 
> Having a slave around in case master dies is better than nothing, but 
> slave should never get the TGT requests as long as the master is alive.

Of course the user would not be happy this way.  If the TGT request 
fails because of an incorrect password, the client checks to see whether
or not the KDC contacted was in fact the master.  If not, it sends a
request to the master.


More information about the Kerberos mailing list