Master -> Slave replication
Donn Cave
donn at u.washington.edu
Mon Apr 21 17:50:17 EDT 2008
In article <mailman.34.1208807065.25183.kerberos at mit.edu>,
Derek Harkness <dharknes at umd.umich.edu> wrote:
> Is kprop and kpropd really the only way to replicate a master and
> slave? It just seems lame that in 2008 I still have to write a cron
> job to replicate a database every X seconds.
As noted in another followup, some Kerberos sites have implemented
something on their own. We did. It was really more like a trivial
integration with already existing local accounting software, so
maybe not much help to anyone looking to go this way.
At the time we did that, the latency was not every X seconds, but
every X minutes, where X is two digits - since we would have to
at least wait long enough that the replica could complete its load
before getting a new one.
But if I had to start over without a convenient way to implement
incremental replication, I wouldn't worry as much about it as I
did at the time. At any ordinary site, a single master KDC will
take the whole load without breaking a sweat, so the replica is
only really needed for service exception backup, and if in that
event it's a few minutes out of date it isn't the end of the world.
This is why the
I sure would not turn to an LDAP back end for this reason.
Nothing against LDAP, if you have data to publish it's the way
to go and we do plenty of it here, but for replicating the KDC?
talk about a cure that's worse than the disease ...
Donn Cave, donn at u.washington.edu
More information about the Kerberos
mailing list