hardware recommendation to run MIT KDC
crawford at fnal.gov
Wed Aug 29 09:10:03 EDT 2007
When I ran the KDCs here, I always configured them with no paging
space, the better to quantify the impact of a hypothetical theft of
the machine. This means putting in enough memory. The KDC memory
footprint isn't all that big, as long as the code doesn't have memory
leaks. Staggered periodic restarts can help there. The database file
can tend to grow on the master if you have a lot of kadmin
transactions, which we always did because of our use of OTP tokens.
Freezing the kadmin server and reloading from the same database dump
that would be propagated to slave KDCs helps with that.
More information about the krbdev