kerberos capacity planning questions
Tim Metz
tpmetz at ucdavis.edu
Mon Feb 25 15:38:38 EST 2008
>>> Greetings,
>>> As part of a campus working group currently evaluating Kerberos product
>>> options, I have been tasked with researching the following two
>>> requirements for MIT Kerberos:
>>> (1) Must house more than 200,000 accounts.
>>> (2) Must issue more than 3 tickets per second.
>>>
>> MIT Kerberos can trivially satisfy both of those with any reasonable
>> server hardware. We were doing more authentications per second than that
>> on a now-obsolete Dell 1750. We're now running the primary Kerberos
>> server, which handles almost all the authentications on a Dell 1950.
>>
>
> Even on non-reasonable hardware. In 1990 I tested our
> pathetic-by-current-standards DECstation 2100-based KDC
> at around 40 tickets/sec (single DES then, of course).
>
> Our peak second so far today (also on a Dell 1950)
> was 58 tickets issued (we'll do around a million
> over the course of the whole day).
> (FWIW: peak minute was 1248, peak hour 66274)
>
> John
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
Thank you Russ and John.
As related requirements items, I am also looking for MIT KDC
installations with (1) greater than 50,000 accounts, and (2) greater
than 100,000 accounts (user + service principals). If anyone is
running an MIT KDC this size and can share that information it would be
greatly appreciated.
More information about the Kerberos
mailing list