Kerberos authentication ntetwork

Todd Grayson tgrayson at cloudera.com
Wed Sep 9 21:34:06 EDT 2015


by cluster do you mean hadoop?

Hadoop can (based on version, workload, and service usage pattern) get very
very chatty with a KDC.  Depends on what you are doing on the 10GB network;
but I would say you can definitely handle the krb on the 1GB interface, but
consider your principal to hostname mapping issues if you are multihoming
(forward and reverse need to map to your fqdn's).

On Wed, Sep 9, 2015 at 3:09 PM, Brandon Allbery <ballbery at sinenomine.net>
wrote:

> On Wed, 2015-09-09 at 15:45 -0500, Ben Kim wrote:
> > My worry about 10G is when data traffic gets jammed or network goes down
> > KDC may not respond. 10G network cables are not redundant for budget
> reason.
> > My worry about 1G network is network bandwidth. I'M pretty new to
> Kerberos,
> > and as a service expands Im not sure how much of bandwidth will Kerberos
> > network consume.
>
> Kerberos itself is very low bandwidth; you would have difficulty
> saturating even an old 10MB network with it, unless something is
> severely misconfigured.
>
> --
> brandon s allbery kf8nh                           sine nomine associates
> allbery.b at gmail.com                              ballbery at sinenomine.net
> unix openafs kerberos infrastructure xmonad        http://sinenomine.net
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



-- 
Todd Grayson
Customer Operations Engineering, Security SME


More information about the Kerberos mailing list