iprop_iprop_replica_poll=2m default...
Tareq Alrashid
tareq at qerat.com
Sun Jan 12 21:45:02 EST 2020
Since my last message, I came across the documentation part were it mentions the iprop_slave_poll.
We’re running Kerberos 5 release 1.15.1! - Will make the proper change and the test results should make more sense!
Thanks Greg.
> On Jan 12, 2020, at 5:54 PM, Greg Hudson <ghudson at mit.edu> wrote:
>
> On 1/10/20 8:22 PM, Tareq Alrashid wrote:
>> Maybe I am missing something but changing the kdc.conf to any value...
>>
>> iprop_replica_poll=1s
>> or even...
>> iprop_replica_poll = 0.016666666666667m
>> (for 1s= 1/60min!)
>>
>> Based on tailing the kadmind.log, it is showing the replica polling
>> every 2m!?
>
> If you are running a release prior to 1.17, you need to use the old name
> . (The old name still works in 1.17 as well.)
>
> Also make sure to set the value on the machine running kpropd (not the
> master KDC where kadmind is run), and to restart kpropd.
>
> I don't think the delta time format supports floating point values, but
> "1s" or just "1" should work.
>
>> Final question if there is any negative impact for having replicas poll at often as one second or maybe it is best to be at higher numbers of seconds?
> Polling every second will cause a little bit of work on the replica and
> the master KDC each second, and use a little bit of network traffic.
> With today's computers and networks it's probably going to have much impact.
More information about the Kerberos
mailing list