Perfornace bench marking

Charles Hedrick hedrick at
Tue Dec 10 15:18:08 EST 2019

How many client systems and users?

We have a few hundred machines with around 2000 users (not all active, of course) in a computer science dept. 3 KDCs running as VMs with 4 processors and 16 GB each. The processors are generally using < 10% of available CPU. The KDC itself is light-weight. You want to watch the LDAP server. Now and then it grows, and you’ll want to restart it. (The only reason we have 16 G is to accommodate that issue. It should normally work OK in 8 GB, and maybe less.)  It’s possible tune the directory server, but we haven’t done so. We run with the default of logging all LDAP and KDC transactions. You could turn that off. I find that the logs are useful for debugging.

We use Kerberized NFS, so we’re using Kerberos more than if you just used it to login.

The ideal environment is a VM where the VM or stooge system can do consistent point in time snapshots. A VM snapshot is the most useful backup.

> On Nov 15, 2019, at 3:35 PM, Yegui Cai <caiyegui at> wrote:
> Hi,
> Is there some performance bench marking done against KDC. For instance, if
> I want to deploy a KDC server and suppose some peak traffic volume, what
> kind of memory/cpu resource I should provision for the server?
> Thanks!
> Yegui
> ________________________________________________
> Kerberos mailing list           Kerberos at

More information about the Kerberos mailing list