scaling problems
Jeffrey Altman
jaltman2 at nyc.rr.com
Wed Apr 14 13:08:53 EDT 2004
denis.havlik at t-mobile.at wrote:
> Hi, folks
>
> 2) Users wouldn't be happy if they were unable to login one hour every
> time they change password.
>
> So, logical consequence is that master must answer all TGT requests.
> Having a slave around in case master dies is better than nothing, but
> slave should never get the TGT requests as long as the master is alive.
Of course the user would not be happy this way. If the TGT request
fails because of an incorrect password, the client checks to see whether
or not the KDC contacted was in fact the master. If not, it sends a
request to the master.
More information about the Kerberos
mailing list