KDC performance test - lookaside cache impact, testing framework

Frank Cusack frank at tenpedal.com
Thu Jun 21 15:26:19 EDT 2012


On Thu, Jun 21, 2012 at 9:59 AM, Sam Hartman <hartmans at mit.edu> wrote:

> >>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
>
>    Greg> (On the client end, we'd like to make libkrb5 "stick" to the KDC
> address
>    Greg> which generated the preauth-required response.  That's a bit of a
>    Greg> technical challenge.  It also doesn't help when there are network
> load
>    Greg> balancers or KDC worker processes involved.)
>

Why not just use TCP?  If the preauth-required comes back with a flag
saying "I want affinity" then the client starts over with TCP.  You'd want
to start over because even sending further requests to the same IP may not
get to the same process, as you've pointed out.


More information about the krbdev mailing list