[38668] in Kerberos
Re: iprop_iprop_replica_poll=2m default...
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Jan 12 17:54:23 2020
To: Tareq Alrashid <tareq@qerat.com>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <804b6f1d-9c7b-c66a-9fc4-13a0c9425f40@mit.edu>
Date: Sun, 12 Jan 2020 17:54:12 -0500
MIME-Version: 1.0
In-Reply-To: <C6A18106-6E77-45D8-A40B-D4540E524487@qerat.com>
Content-Language: en-US
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 1/10/20 8:22 PM, Tareq Alrashid wrote:
> Maybe I am missing something but changing the kdc.conf to any value...
>
> iprop_replica_poll=1s
> or even...
> iprop_replica_poll = 0.016666666666667m
> (for 1s= 1/60min!)
>
> Based on tailing the kadmind.log, it is showing the replica polling
> every 2m!?
If you are running a release prior to 1.17, you need to use the old name
iprop_slave_poll. (The old name still works in 1.17 as well.)
Also make sure to set the value on the machine running kpropd (not the
master KDC where kadmind is run), and to restart kpropd.
I don't think the delta time format supports floating point values, but
"1s" or just "1" should work.
> Final question if there is any negative impact for having replicas poll at often as one second or maybe it is best to be at higher numbers of seconds?
Polling every second will cause a little bit of work on the replica and
the master KDC each second, and use a little bit of network traffic.
With today's computers and networks it's probably going to have much impact.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
