hardware recommendation to run MIT KDC

Matt Crawford crawford at fnal.gov
Wed Aug 29 09:10:03 EDT 2007

When I ran the KDCs here, I always configured them with no paging  
space, the better to quantify the impact of a hypothetical theft of  
the machine.  This means putting in enough memory. The KDC memory  
footprint isn't all that big, as long as the code doesn't have memory  
leaks. Staggered periodic restarts can help there. The database file  
can tend to grow on the master if you have a lot of kadmin  
transactions, which we always did because of our use of OTP tokens.  
Freezing the kadmin server and reloading from the same database dump  
that would be propagated to slave KDCs helps with that.

More information about the krbdev mailing list