Determening the number of clients per KDC

Russ Allbery eagle at eyrie.org
Mon Apr 16 00:13:21 EDT 2018


Sergei Gerasenko <gerases at gmail.com> writes:

> I’m planning an MIT KDC installation for a hadoop cluster consisting of
> X clients with Y kerberized services each. The KDCs are rather powerful
> machines with 64 cores and 125G of RAM. I want to get the most out of
> this hardware and use the mininum number of KDCs required. Is there a
> rule of thumb for situations like this?

> For example, imagining X=300 and Y=10, can/should I run X*Y (3000)
> workers to accomodate the worst case scenario when they all want to get
> their tickets? Or can I assume that X*Y/2 will can handle that?

For 3000 workers, you could probably run the KDC on a Raspberry Pi.

Redundancy for outage tolerance is almost certainly going to be the
limiting factor for number of KDCs in this situation unless you have way,
way more clients getting tickets than that, or you're using really short
ticket lifetimes, or you have some other unusual situation.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list