[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos and Load balancing



On Jan 31, 2008, at 14:22, Andrew Bacchi wrote:
> I agree with Henry that it's hard to overload a modern server.  I'm  
> doing over 1 million hits per day on my primary kdc and not having  
> any recurring problems.
>
> You could simply create two versions of your krb5.conf file each  
> with a different primary kdc
> kdc = server1
> kdc = server2
>
> -------------------
>
> kdc = server2
> kdc = server1
>
> Then split the distribution to your clients.

Or, skip the config file entries, and put SRV records into your zone  
file, listing equal priorities; the clients should automatically  
split the load then (though you can't break it down by site easily to  
have groups of clients default to their nearest KDC first).  Neither  
MIT nor Heimdal currently appear to implement the weight field, but  
in theory you ought to even be able to specify an uneven distribution  
of load if you wanted... maybe someday.

Ken