Master -> Slave replication
Russ Allbery
rra at stanford.edu
Mon Apr 21 18:40:01 EDT 2008
Donn Cave <donn at u.washington.edu> writes:
> But if I had to start over without a convenient way to implement
> incremental replication, I wouldn't worry as much about it as I did at
> the time. At any ordinary site, a single master KDC will take the whole
> load without breaking a sweat, so the replica is only really needed for
> service exception backup, and if in that event it's a few minutes out of
> date it isn't the end of the world.
Also, a lot of Kerberos clients will transparently retry on the master KDC
if they get an error from a slave KDC, which further reduces the need to
care even if you're not pointing all clients at the master by default.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list