Rate limiting Kerberos Requests

Jack Neely jjneely at ncsu.edu
Tue Sep 25 16:34:59 EDT 2012


Greetings,

Has anyone done any rate limiting or throttling of Kerberos requests?
I've had several situations where I had a load of 600 requests / minute
against my 3 kerberos slaves that caused degradation of performance for
everyone else.  Always from misbehaving tools or applications.

What suggestions do folks have for doing this?  I've thought about using
the limit module in iptables:

   iptables -A INPUT -p tcp --dport 88 -m limit --limit 4/min --limit-burst 6 -j ACCEPT
    iptables -A INPUT p tcp --dport 88 -j DROP

Jack

-- 
Jack Neely <jjneely at ncsu.edu>
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4  EA6B 213B 765F 3B6A 5B89


More information about the Kerberos mailing list