kerberos capacity planning questions
John Hascall
john at iastate.edu
Wed Feb 20 17:23:11 EST 2008
Russ Allbery <rra at stanford.edu> writes:
> Tim Metz <tpmetz at ucdavis.edu> writes:
> > Greetings,
> > As part of a campus working group currently evaluating Kerberos product
> > options, I have been tasked with researching the following two
> > requirements for MIT Kerberos:
> > (1) Must house more than 200,000 accounts.
> > (2) Must issue more than 3 tickets per second.
> MIT Kerberos can trivially satisfy both of those with any reasonable
> server hardware. We were doing more authentications per second than that
> on a now-obsolete Dell 1750. We're now running the primary Kerberos
> server, which handles almost all the authentications on a Dell 1950.
Even on non-reasonable hardware. In 1990 I tested our
pathetic-by-current-standards DECstation 2100-based KDC
at around 40 tickets/sec (single DES then, of course).
Our peak second so far today (also on a Dell 1950)
was 58 tickets issued (we'll do around a million
over the course of the whole day).
(FWIW: peak minute was 1248, peak hour 66274)
John
More information about the Kerberos
mailing list