[29707] in Kerberos
Re: Master -> Slave replication
daemon@ATHENA.MIT.EDU (Donn Cave)
Mon Apr 21 18:00:37 2008
From: Donn Cave <donn@u.washington.edu>
Date: Mon, 21 Apr 2008 14:50:17 -0700
Message-ID: <donn-C54150.14501721042008@gnus01.u.washington.edu>
X-Complaints-To: help@cac.washington.edu
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
In article <mailman.34.1208807065.25183.kerberos@mit.edu>,
Derek Harkness <dharknes@umd.umich.edu> wrote:
> Is kprop and kpropd really the only way to replicate a master and
> slave? It just seems lame that in 2008 I still have to write a cron
> job to replicate a database every X seconds.
As noted in another followup, some Kerberos sites have implemented
something on their own. We did. It was really more like a trivial
integration with already existing local accounting software, so
maybe not much help to anyone looking to go this way.
At the time we did that, the latency was not every X seconds, but
every X minutes, where X is two digits - since we would have to
at least wait long enough that the replica could complete its load
before getting a new one.
But if I had to start over without a convenient way to implement
incremental replication, I wouldn't worry as much about it as I
did at the time. At any ordinary site, a single master KDC will
take the whole load without breaking a sweat, so the replica is
only really needed for service exception backup, and if in that
event it's a few minutes out of date it isn't the end of the world.
This is why the
I sure would not turn to an LDAP back end for this reason.
Nothing against LDAP, if you have data to publish it's the way
to go and we do plenty of it here, but for replicating the KDC?
talk about a cure that's worse than the disease ...
Donn Cave, donn@u.washington.edu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
