Kerberos authentication ntetwork
Todd Grayson
tgrayson at cloudera.com
Wed Sep 9 21:34:06 EDT 2015
by cluster do you mean hadoop?
Hadoop can (based on version, workload, and service usage pattern) get very
very chatty with a KDC. Depends on what you are doing on the 10GB network;
but I would say you can definitely handle the krb on the 1GB interface, but
consider your principal to hostname mapping issues if you are multihoming
(forward and reverse need to map to your fqdn's).
On Wed, Sep 9, 2015 at 3:09 PM, Brandon Allbery <ballbery at sinenomine.net>
wrote:
> On Wed, 2015-09-09 at 15:45 -0500, Ben Kim wrote:
> > My worry about 10G is when data traffic gets jammed or network goes down
> > KDC may not respond. 10G network cables are not redundant for budget
> reason.
> > My worry about 1G network is network bandwidth. I'M pretty new to
> Kerberos,
> > and as a service expands Im not sure how much of bandwidth will Kerberos
> > network consume.
>
> Kerberos itself is very low bandwidth; you would have difficulty
> saturating even an old 10MB network with it, unless something is
> severely misconfigured.
>
> --
> brandon s allbery kf8nh sine nomine associates
> allbery.b at gmail.com ballbery at sinenomine.net
> unix openafs kerberos infrastructure xmonad http://sinenomine.net
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Todd Grayson
Customer Operations Engineering, Security SME
More information about the Kerberos
mailing list