[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos and Load balancing

On Jan 31, 2008, at 1:16 PM, Ken Raeburn wrote:

> On Jan 31, 2008, at 14:22, Andrew Bacchi wrote:
>> I agree with Henry that it's hard to overload a modern server.   
>> I'm doing over 1 million hits per day on my primary kdc and not  
>> having any recurring problems.
>> You could simply create two versions of your krb5.conf file each  
>> with a different primary kdc
>> kdc = server1
>> kdc = server2
>> -------------------
>> kdc = server2
>> kdc = server1
>> Then split the distribution to your clients.
> Or, skip the config file entries, and put SRV records into your  
> zone file, listing equal priorities; the clients should  
> automatically split the load then (though you can't break it down  
> by site easily to have groups of clients default to their nearest  
> KDC first).  Neither MIT nor Heimdal currently appear to implement  
> the weight field, but in theory you ought to even be able to  
> specify an uneven distribution of load if you wanted... maybe someday.
> Ken

Hmmm.  Sam said the weight was supported (in MIT).  Just no  
comparable spec in the config file.

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu