iprop_iprop_replica_poll=2m default...
Kenneth MacDonald
Kenneth.MacDonald at ed.ac.uk
Thu Jan 9 04:11:21 EST 2020
On Wed, 2020-01-08 at 13:38 -0500, Tareq Alrashid wrote:
> How can we make it as close to realtime as possible?
> what is the smallest value possible we can assign?
>
> Background:
>
> Master receives a newly provisioned user, or new password
> change/reset, and since we live in the instant-gratification times,
> users attempt to login onto services that are configured to authenticate
> against replica servers which of course have not been propagated to
> yet…. failed login => open a help desk ticket…etc. waste of time and
> frustration.
>
> How do you all deal with the latency in your hi-ed environment?
>
> HNY! Thanks for any insights
We haven't reduced the polling interval, but have configured our web
single sign on hosts to authenticate against our master KDC in
preference to the slaves by listing their IP addresses in order in
/etc/krb5.conf.
Cheers,
Kenny.
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
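The ordering described in the reply above, sketched as an added example that is not part of the original message or the poster's actual configuration. The realm name and the 192.0.2.x addresses are placeholders, and the `master_kdc` line is an addition the reply does not mention.

```ini
# /etc/krb5.conf on a web single sign-on host (constructed example).
# EXAMPLE.COM and the 192.0.2.x addresses are placeholders.

[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        # Master KDC listed first, so these hosts authenticate against
        # the database that already holds new principals and new
        # passwords, as described in the reply.
        kdc = 192.0.2.10
        # Replicas follow, in order, as fallbacks.
        kdc = 192.0.2.11
        kdc = 192.0.2.12

        admin_server = 192.0.2.10

        # Not mentioned in the reply: MIT krb5 documents master_kdc as
        # the KDC a client retries when getting credentials fails on an
        # invalid password, to cover a password that was just changed
        # and has not reached the replicas yet. It matters on hosts
        # that list a replica first.
        master_kdc = 192.0.2.10
    }
```

With this ordering the master carries the authentication load for these hosts, so it suits a small set of login front ends rather than every client in the realm.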