kerberos password change in master-slave environ

Digant Kasundra digant at uta.edu
Wed Mar 24 16:59:16 EST 2004


That's very impressive and it gives me a lot of hope that our
proof-of-concept will be successful!  I'm very glad to hear this.  What kind
of usage do you see on this?  Do you use MIT or Heimdal?

-----Original Message-----
From: John Hascall
To: Digant Kasundra
Cc: Kerberos List
Sent: 3/24/2004 2:57 PM
Subject: Re: kerberos password change in master-slave environ 



> >I'm not saying multi-master isn't desirable, but for the average
realm,
> >you
> >can live without it.  For a larger realm, (in the tens of thousands
of
> >principals) having incremental propagation probably takes care of the
> >issues you have with DB propagation.

> Our realm has 43,000+ principals so for us, its a big deal. :)  We
have
> slaves not only for redundancy, but also for load balancing.  We don't
want
> all the users on our campus authenticating or changing passwords
against
> just one machine.  

I'll see your 43,000 principals and raise you about 15,000 more :)

We use a single master incrementally updating a single offsite slave
(both PCs running NetBSD) and we see no performance problems at all.

John


More information about the Kerberos mailing list