[38229] in Kerberos
Re: Determening the number of clients per KDC
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Apr 17 18:20:30 2018
From: Russ Allbery <eagle@eyrie.org>
To: Mark =?utf-8?Q?Pr=C3=B6hl?= <mark@mproehl.net>
In-Reply-To: <89dd606a-38a9-7fc4-68dc-25e04308dcaa@mproehl.net> ("Mark
=?utf-8?Q?Pr=C3=B6hl=22's?= message of "Tue,
17 Apr 2018 10:25:55 +0200")
Date: Tue, 17 Apr 2018 15:20:03 -0700
Message-ID: <87sh7tzd9o.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Mark Pröhl <mark@mproehl.net> writes:
> On 04/16/2018 05:51 PM, Russ Allbery wrote:
>> ... Clients aren't going to generally all try to get a ticket at the
>> same time, due to ticket caching, so that scales to a lot of clients.
> I have only seen JAVA/JAAS clients caching the TGT and not the service
> tickets. Especially in Hadoop environments this leads to much more TGS
> traffic than in "classical" Kerberos environments. 1000 rps are not
> unusual.
Ah, interesting! (Also incredibly broken behavior....)
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
