Looking down the road around here, we may wind up having to populate our KDC with alumni, in addition to the students, staff and 'affiliates' that we have now. Which means possibly exceeding 1M principals in the database. Does anyone know if I should anticipate problems when/if the database gets that large? Are there folks out there actually running a KDC with anywhere near that many principals?
Our current KDC (MIT K5 1.2.1 right now) contains about 200K principals and we don't have any particular problems with it. Disk space itself is not a big worry; our database right now occupies just a little over 100M. But I'm concerned about the size threshhold at which serious performance problems begin to occur. Any information would be welcome. We're in the very early planning phases on this issue, but I'd like to be prepared especially if there are known problems we may need to take into account. I'd just as soon not run a separate realm for alumni, which wouldn't help that much anyway, since the alumni component will be the bulk (up to 850K) of the entries anyway. And I realize there are various ways to deal with this issue, like registering only alumni who specifically have a need and request it. But I'd like to be prepared for the worst-case scenario, where we pre-register everyone (as we currently do with students, employees and affiliates, which allows us to use distributed in-person identification supplemented by online procedures for establishing initial passphrases). Thanks. Mike ------------------------------------------------------------------------------ Mike Friedman System and Network Security [EMAIL PROTECTED] 2484 Shattuck Avenue 1-510-642-1410 University of California at Berkeley http://ack.Berkeley.EDU/~mikef http://security.berkeley.edu ------------------------------------------------------------------------------
