[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re: Kerberos Propagation question
From: Ken Raeburn <raeburn () MIT ! EDU>
Date: 2010-09-07 19:30:31
Message-ID: 56FDA578-913C-49E3-A2F4-B3CB4DA2E941 () mit ! edu
[Download RAW message or body]
On Sep 7, 2010, at 15:06, Pax Industria wrote:
> Hi,
>
> A colleague asked recently if KDC's could replicate more frequently, his
> suggestion was every 3 minutes. That seemed as though it could have adverse
> effects on the KDC's but i couldn't find anything in the docs on a best
> practice for how frequently / infrequently to replicate the database. I seem
> to recall that propagation locks the DB, but I wasn't able to find a
> reference to it. (I could have made it up..., or maybe I just didn't see it
> in the docs) Would pushing the database out that frequently be problematic?
A full dump briefly locks the database against updates while it writes out a text \
version, but then the propagation is done with the text version, and the database is \
unlocked, so changes can be made. For very large databases, though, the full \
dump-copy-load sequence can take a while.
However, in recent versions of MIT's code, there's an incremental propagation mode \
contributed by Sun which can send updates much more efficiently, and only uses full \
propagation when necessary. If you wish to keep your KDCs very closely in sync I \
suggest you look at using that mode, especially if you have a large database.
> Besides increased load on the system could that have adverse effect on
> admin's working on the database?
It shouldn't, at least with the incremental propagation code in use.
Ken
--
Ken Raeburn / raeburn@mit.edu
NOT working or speaking for the MIT Kerberos Consortium
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic