kerberos password change in master-slave environ
John Hascall
john at iastate.edu
Wed Mar 24 15:57:00 EST 2004
> >I'm not saying multi-master isn't desirable, but for the average realm,
> >you
> >can live without it. For a larger realm, (in the tens of thousands of
> >principals) having incremental propagation probably takes care of the
> >issues you have with DB propagation.
> Our realm has 43,000+ principals so for us, its a big deal. :) We have
> slaves not only for redundancy, but also for load balancing. We don't want
> all the users on our campus authenticating or changing passwords against
> just one machine.
I'll see your 43,000 principals and raise you about 15,000 more :)
We use a single master incrementally updating a single offsite slave
(both PCs running NetBSD) and we see no performance problems at all.
John
More information about the Kerberos
mailing list