kadmin heavy load
sergio.conrad@laposte.net
sergio.conrad at laposte.net
Mon Sep 23 03:15:19 EDT 2013
> So, with 20 concurrent changes going on at once, you may simply be
> overloading the server and getting timeouts on the clients.
Thanks for your response ...
I find no way to indicate the timeout with kadmin.
I write a perl script who do
$kadm5 = Authen::Krb5::Admin->init_with_skey( $krb_admin_princ, $krb_admin_keytab);
if ($kadm5==0) {
sleep 5;
reconnect or die;
It works fine as it permit to check the status of the connection to kadmind.
Is there a best way to handle the situation, or to specify another timeout with the perl interface ?
Thanks
Serge
> Message du 17/09/13 19:10
> De : "Greg Hudson"
> A : sergio.conrad at laposte.net
> Copie à : kerberos at mit.edu
> Objet : Re: kadmin heavy load
>
> On 09/16/2013 08:43 AM, sergio.conrad at laposte.net wrote:
> > 10 % of the changes got the error:
> > kadmin: Communication failure with server while initializing kadmin interface
>
> Password changes are CPU-intensive for kadmind because the server has to
> run deliberately expensive string-to-key operations on the new password.
> kadmind is also single-threaded, so it will use only one CPU and won't
> accept connections while processing another client's password change.
>
> So, with 20 concurrent changes going on at once, you may simply be
> overloading the server and getting timeouts on the clients.
>
>
Une messagerie gratuite, garantie à vie et des services en plus, ça vous tente ?
Je crée ma boîte mail www.laposte.net
More information about the Kerberos
mailing list