kerberos password change in master-slave environ
Digant Kasundra
digant at uta.edu
Wed Mar 24 16:59:16 EST 2004
That's very impressive and it gives me a lot of hope that our
proof-of-concept will be successful! I'm very glad to hear this. What kind
of usage do you see on this? Do you use MIT or Heimdal?
-----Original Message-----
From: John Hascall
To: Digant Kasundra
Cc: Kerberos List
Sent: 3/24/2004 2:57 PM
Subject: Re: kerberos password change in master-slave environ
> >I'm not saying multi-master isn't desirable, but for the average
realm,
> >you
> >can live without it. For a larger realm, (in the tens of thousands
of
> >principals) having incremental propagation probably takes care of the
> >issues you have with DB propagation.
> Our realm has 43,000+ principals so for us, its a big deal. :) We
have
> slaves not only for redundancy, but also for load balancing. We don't
want
> all the users on our campus authenticating or changing passwords
against
> just one machine.
I'll see your 43,000 principals and raise you about 15,000 more :)
We use a single master incrementally updating a single offsite slave
(both PCs running NetBSD) and we see no performance problems at all.
John
More information about the Kerberos
mailing list