[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Kerberos and Load balancing
On Jan 31, 2008, at 14:22, Andrew Bacchi wrote:
> I agree with Henry that it's hard to overload a modern server. I'm
> doing over 1 million hits per day on my primary kdc and not having
> any recurring problems.
>
> You could simply create two versions of your krb5.conf file each
> with a different primary kdc
> kdc = server1
> kdc = server2
>
> -------------------
>
> kdc = server2
> kdc = server1
>
> Then split the distribution to your clients.
Or, skip the config file entries, and put SRV records into your zone
file, listing equal priorities; the clients should automatically
split the load then (though you can't break it down by site easily to
have groups of clients default to their nearest KDC first). Neither
MIT nor Heimdal currently appear to implement the weight field, but
in theory you ought to even be able to specify an uneven distribution
of load if you wanted... maybe someday.
Ken