[29708] in Kerberos
Re: Master -> Slave replication
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Apr 21 18:41:22 2008
To: kerberos@mit.edu
In-Reply-To: <donn-C54150.14501721042008@gnus01.u.washington.edu> (Donn Cave's
message of "Mon\, 21 Apr 2008 14\:50\:17 -0700")
From: Russ Allbery <rra@stanford.edu>
Date: Mon, 21 Apr 2008 15:40:01 -0700
Message-ID: <871w4yhlxa.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Donn Cave <donn@u.washington.edu> writes:
> But if I had to start over without a convenient way to implement
> incremental replication, I wouldn't worry as much about it as I did at
> the time. At any ordinary site, a single master KDC will take the whole
> load without breaking a sweat, so the replica is only really needed for
> service exception backup, and if in that event it's a few minutes out of
> date it isn't the end of the world.
Also, a lot of Kerberos clients will transparently retry on the master KDC
if they get an error from a slave KDC, which further reduces the need to
care even if you're not pointing all clients at the master by default.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
