[28887] in Kerberos
Re: primary/secondary config question
daemon@ATHENA.MIT.EDU (edward@murrell.co.nz)
Tue Dec 11 22:35:24 2007
Message-ID: <42913.203.144.32.165.1197418705.squirrel@zinc.murrell.co.nz>
In-Reply-To: <551721.42864.qm@web38511.mail.mud.yahoo.com>
Date: Wed, 12 Dec 2007 13:18:25 +1300 (NZDT)
From: edward@murrell.co.nz
To: kerberos@mit.edu

Extra complexity for no benefit?

The load on the LDAP server is likely to be higher than the load on the
KDC, so spreading the load of the KDCs isn't going to change anything
unless one of your KDCs is really, really slow. If you want
redundancy, I would maybe consider making slave replicas of the LDAP
database on the KDC machines, and pointing the KDCs at the local replica,
followed by the other two.

Edward

> Could someone review this setup, and provide some
> feedback?
>
> I am using an ldap backend, with a primary and
> secondary kdc pointing to the same ldap server (only
> the primary runs kadmind). Both the primary and the
> secondary can affect the database. I'm wondering if
> there are any reasons why I wouldn't want to do this
> in a production environment.
>
> Thanks in advance!
>
> Steve
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos