kerberos password change in master-slave environ

John Hascall john at iastate.edu
Wed Mar 24 15:57:00 EST 2004



> >I'm not saying multi-master isn't desirable, but for the average realm,
> >you
> >can live without it.  For a larger realm, (in the tens of thousands of
> >principals) having incremental propagation probably takes care of the
> >issues you have with DB propagation.

> Our realm has 43,000+ principals so for us, its a big deal. :)  We have
> slaves not only for redundancy, but also for load balancing.  We don't want
> all the users on our campus authenticating or changing passwords against
> just one machine.  

I'll see your 43,000 principals and raise you about 15,000 more :)

We use a single master incrementally updating a single offsite slave
(both PCs running NetBSD) and we see no performance problems at all.

John


More information about the Kerberos mailing list