Kerberos v5-1.10.1 + KDC-KDB-UPDATE - Minimum server specs?

Tareq Alrashid tma at case.edu
Tue May 22 15:56:03 EDT 2012


Greetings,

Not sure if this is covered somewhere or not, as I can’t seem to find any information on this topic.

Need to quantify what kind of “extra” specs/horse power the Kerberos KDC servers ought to have to perform normally and have room for growth.
Currenty have master KDC running for many years with:
Dell PowerEdge 1950, 1 Xeon L5335 CPU 4 cores @ 2.0 GHz, 4 GB RAM, 2x73 GB HD in RAID-1 mirror
2 slaves with similar specs.

Whole point of this message is all hardware at end of life needing upgrade and server folks asking for what my new shiny kerberos kdc server should look like?

I understand the answer depends on many factors not mentioned in this message, but what I am looking for is some kind of a reference point or ratio based on the following facts:

- We are going from DES only, no policies, no account lockouts, no password history - we have had all those implemented at a separate layer.
- To:
	- Latest/greatest/strong encryption types (keeping both worlds happy Un*x/and cross-realm with MS AD)
	- Implementing accounts lockouts, password history, and many new policies over 120K principals
	- Which all require REQUIRES_PRE_AUTH - something we have never had before, and now I have to make sure it won’t break all to hell.

I have read something somewhere in the archives or docs or net that kdc-kdb-updates and functions we have listed above will require a lot more than we normally use, since we have never had any of this before it is hard to quantify without actually placing in production.

Any insights you all may have would most appreciated.

Thank you, 
Tareq 

_____
  Tareq.Alrashid at CASE.EDU 
  ITS Middleware - 10900 Euclid Avenue, Crawford 422
  Cleveland, OH 44106-7072  U.S.A.















More information about the Kerberos mailing list