[1673] in Kerberos
A thought on Kerberos slavery
daemon@ATHENA.MIT.EDU (Jim Haynes)
Thu Dec 12 22:29:51 1991
Date: 13 Dec 91 00:31:46 GMT
From: haynes@cats.ucsc.edu (Jim Haynes)
To: kerberos@shelby.Stanford.EDU
We run a Kerberos master and one slave server. (both on decapitated Sun
3/50s.) My first idea was to try to equalize the load between the two
by listing one or the other first in /etc/krb.conf. The trouble with this
is that when a user changes the password it can take up to two hours for
the change to be propagated to the slave; during that time either the new
or the old password might be correct, depending on which machine the user
tries to use.
While listening to a talk by Dan Geer it struck me that it would be better
to have everybody use the master all the time, so that password changes
are effective immediately. The slave is merely a backup for the master,
always available and always nearly up to date, if the master should go down
or get cut off from the rest of the network. So I rearranged the /etc/krb.conf
files that way and everything is working fine. It's just necessary to
tickle the slave occasionally to be sure it is in fact working.
--
haynes@cats.ucsc.edu
haynes@cats.bitnet
"Any clod can have the facts, but having opinions is an Art."
Charles McCabe, San Francisco Chronicle
