[37226] in Kerberos
Re: Kerberos authentication ntetwork
daemon@ATHENA.MIT.EDU (Todd Grayson)
Wed Sep 9 21:34:44 2015
MIME-Version: 1.0
In-Reply-To: <1441832945.30652.4.camel@hilfy.kf8nh.com>
From: Todd Grayson <tgrayson@cloudera.com>
Date: Wed, 9 Sep 2015 19:34:06 -0600
Message-ID: <CALNT6MVj85k55G0c-CM0eB5DsBPTM4GPvox_SSkWcd98Kft1vA@mail.gmail.com>
To: Brandon Allbery <ballbery@sinenomine.net>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
by cluster do you mean hadoop?
Hadoop can (based on version, workload, and service usage pattern) get very
very chatty with a KDC. Depends on what you are doing on the 10GB network;
but I would say you can definitely handle the krb on the 1GB interface, but
consider your principal to hostname mapping issues if you are multihoming
(forward and reverse need to map to your fqdn's).
On Wed, Sep 9, 2015 at 3:09 PM, Brandon Allbery <ballbery@sinenomine.net>
wrote:
> On Wed, 2015-09-09 at 15:45 -0500, Ben Kim wrote:
> > My worry about 10G is when data traffic gets jammed or network goes down
> > KDC may not respond. 10G network cables are not redundant for budget
> reason.
> > My worry about 1G network is network bandwidth. I'M pretty new to
> Kerberos,
> > and as a service expands Im not sure how much of bandwidth will Kerberos
> > network consume.
>
> Kerberos itself is very low bandwidth; you would have difficulty
> saturating even an old 10MB network with it, unless something is
> severely misconfigured.
>
> --
> brandon s allbery kf8nh sine nomine associates
> allbery.b@gmail.com ballbery@sinenomine.net
> unix openafs kerberos infrastructure xmonad http://sinenomine.net
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Todd Grayson
Customer Operations Engineering, Security SME
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
