> That's very impressive and it gives me a lot of hope that our > proof-of-concept will be successful! I'm very glad to hear this. What kind > of usage do you see on this? Do you use MIT or Heimdal?
We are running MIT's with our own incremental replication code (we replicate to the slave, our W2K-AD, and our Novell NDS). Basically, we put 5 little hooks in the kadmin libs that write 'transaction log records' into a directory. Everything else is done with external programs and scripts. I've posted more details which should be in the list archives someplace. John > -----Original Message----- > From: John Hascall > To: Digant Kasundra > Cc: Kerberos List > Sent: 3/24/2004 2:57 PM > Subject: Re: kerberos password change in master-slave environ > > > > > >I'm not saying multi-master isn't desirable, but for the average > realm, > > >you > > >can live without it. For a larger realm, (in the tens of thousands > of > > >principals) having incremental propagation probably takes care of the > > >issues you have with DB propagation. > > > Our realm has 43,000+ principals so for us, its a big deal. :) We > have > > slaves not only for redundancy, but also for load balancing. We don't > want > > all the users on our campus authenticating or changing passwords > against > > just one machine. > > I'll see your 43,000 principals and raise you about 15,000 more :) > > We use a single master incrementally updating a single offsite slave > (both PCs running NetBSD) and we see no performance problems at all. > > John > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
