How many nodes in realm?

Russ Allbery rra at stanford.edu
Wed Jan 4 22:51:30 EST 2006


Rodrick Brown <rbrown[@]doitt.nyc.gov> writes:

> I'm looking to implment Kerberos in our enviornment we have about 250
> servers and are growing at an alarming rate, we plan to double this
> amount in about 2 years or so, I've been looking at documentation which
> talks about breaking servers into different realms, but i've also heard
> about huge kerberos deployments consisting of 5000+ nodes all in one
> realm, should I just design for all my servers to sit in one realm? or
> split it out thanks. We dont really have a need to kerberoize any
> applications we just plan to use it for a centralized authentication
> store and single signon.

I'd just use a single realm.  The real reason to use multiple realms is if
you have multiple administrative entities who have to have control over
their own realms but shouldn't have control over other people's realms.
If you don't have that problem, a single realm is a lot easier to deal
with.

Kerberos scales without difficulty.  I wouldn't call 5000 huge.  :)

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list