[28897] in Kerberos
Re: primary/secondary config question
daemon@ATHENA.MIT.EDU (Steven Miller)
Wed Dec 12 10:02:11 2007
Date: Wed, 12 Dec 2007 07:01:25 -0800 (PST)
From: Steven Miller <stevenraymillerjr@yahoo.com>
To: edward@murrell.co.nz, kerberos@mit.edu
In-Reply-To: <42913.203.144.32.165.1197418705.squirrel@zinc.murrell.co.nz>
MIME-Version: 1.0
Message-ID: <955071.15121.qm@web38503.mail.mud.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Would there be any problems having both kdcs modifying
the database?
thanks
Steve
--- edward@murrell.co.nz wrote:
> Extra complexity for no benefit?
>
> The load on the LDAP server is likely to be higher
> than the load on the
> KDC, so spreading the load of the KDC's isn't going
> to change anything
> unless your one of your KDC's is really really slow.
> If you want
> redundancy, I would maybe consider making slave
> replicas of the LDAP
> database on the KDC machines, and pointing the KDCs
> at the local replica,
> followed by the other two.
>
> Edward
>
> > Could someone review this setup, and provide some
> > feedback?
> >
> > I am using an ldap backend, with a primary and
> > secondary kdc pointing to the same ldap server
> (only
> > the primary runs kadmind).Both the primary and the
> > secondary can affect the database. I'm wondering
> if
> > there are any reasons why I wouldn't want to do
> this
> > is a production environment.
> >
> > Thanks in advance!
> >
> > Steve
> >
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
