Rate limiting Kerberos Requests

Russ Allbery rra at stanford.edu
Tue Sep 25 16:49:55 EDT 2012


Jack Neely <jjneely at ncsu.edu> writes:

> Has anyone done any rate limiting or throttling of Kerberos requests?
> I've had several situations where I had a load of 600 requests / minute
> against my 3 kerberos slaves that caused degradation of performance for
> everyone else.  Always from misbehaving tools or applications.

That seems like a rather slow authentication rate and low load to me.  I
would expect a KDC to handle that level of load without breathing hard.
What sort of configuration (hardware, software, etc.) are you using?

Our Kerberos KDCs *averaged* 2,800 requests per minute through the whole
month of August.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list