scaling problems

Subu Ayyagari s.ayyagari at xpedite.com
Wed Apr 14 17:02:19 EDT 2004


All,

Unfortunately SUN SEAM kerberos does *not*
seem to do that. Users have to wait upto one hour
when the *full* prop occurs.
(SUN Support indicated that the krb5 propagation cannot 
  do delta...instead it does a full transfer each time...
  it is sooo clunky...)


-subu
email: s.ayyagari at xpedite.com

-----Original Message-----
From: kerberos-bounces at MIT.EDU [mailto:kerberos-bounces at MIT.EDU]On
Behalf Of Jeffrey Altman
Sent: Wednesday, April 14, 2004 1:09 PM
To: kerberos at MIT.EDU
Subject: Re: scaling problems


denis.havlik at t-mobile.at wrote:
> Hi, folks
> 
> 2) Users wouldn't be happy if they were unable to login one hour every 
> time they change password. 
> 
> So, logical consequence is that master must answer all TGT requests. 
> Having a slave around in case master dies is better than nothing, but 
> slave should never get the TGT requests as long as the master is alive.

Of course the user would not be happy this way.  If the TGT request 
fails because of an incorrect password, the client checks to see whether
or not the KDC contacted was in fact the master.  If not, it sends a
request to the master.
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the Kerberos mailing list