John Hascall <[EMAIL PROTECTED]> writes:
> Ken Hornstein <[EMAIL PROTECTED]> writes:

>> - An hour is a long time to wait for password updates between KDCs. Mine is
>> set to 5 minutes.

> If you are a big site (tens of thousands of principals),
> this is probably not an option. Most of us in that
> category have invented or adopted some sort of incremental
> update scheme.

We have tens of thousands of principals and we haven't run into serious performance issues with doing full replication yet. I think the scaling factor is more in the hundreds of thousands of principals.

> I think it would take a combination of a pretty big site and
> a pretty lame server for anyone to notice a load problem (ours
> ran on an 8MHz DECstation for years!) I think the most common
> reasons for a slave KDC are:
> * reliability (if your main server coughs up a motherboard or ...)

Yes, it's probably the best way to do KDC backups. :)

-- 
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
