KDC performance test - lookaside cache impact, testing framework
Nico Williams
nico at cryptonector.com
Mon Jun 18 11:16:15 EDT 2012
On Mon, Jun 18, 2012 at 10:07 AM, Greg Hudson <ghudson at mit.edu> wrote:
> Retransmitted requests can also happen if a KDC needs a few seconds to
> process a request, e.g. to contact a slow OTP server. Since we're trying to
> support that case, I'm (so far) more interested in making the lookaside
> cache efficient than dropping it.
Someone pointed this out to me off-line. Yeah, I agree, but someone
else also points out to me that having multiple slaves also easily
leads to lockout, whether the KDCs have lookaside caches or not. (It
might be nice to have a KRB-ERROR by which to redirect a client to a
specific KDC IP address. Of course, new errors don't help old
clients.)
Nico
--
More information about the krbdev
mailing list