kerberos capacity planning questions

John Hascall john at iastate.edu
Wed Feb 20 17:23:11 EST 2008


Russ Allbery <rra at stanford.edu> writes:
> Tim Metz <tpmetz at ucdavis.edu> writes:
> > Greetings,
> > As part of a campus working group currently evaluating Kerberos product
> > options, I have been tasked with researching the following two
> > requirements for MIT Kerberos:
> > (1) Must house more than 200,000 accounts.
> > (2) Must issue more than 3 tickets per second.

> MIT Kerberos can trivially satisfy both of those with any reasonable
> server hardware.  We were doing more authentications per second than that
> on a now-obsolete Dell 1750.  We're now running the primary Kerberos
> server, which handles almost all the authentications on a Dell 1950.

   Even on non-reasonable hardware.  In 1990 I tested our
   pathetic-by-current-standards DECstation 2100-based KDC
   at around 40 tickets/sec (single DES then, of course).

   Our peak second so far today (also on a Dell 1950)
   was 58 tickets issued (we'll do around a million
   over the course of the whole day).
   (FWIW: peak minute was 1248, peak hour 66274)

John



More information about the Kerberos mailing list