[16627] in Kerberos_V5_Development

Re: KDC query client performance

daemon@ATHENA.MIT.EDU (Simo Sorce)
Mon Feb 14 20:20:23 2011

Date: Mon, 14 Feb 2011 20:20:16 -0500
From: Simo Sorce <ssorce@redhat.com>
To: Sam Hartman <hartmans@mit.edu>
Message-ID: <20110214202016.1deb275b@willson.li.ssimo.org>
In-Reply-To: <tslbp2exhhw.fsf@mit.edu>
Mime-Version: 1.0
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Mon, 14 Feb 2011 19:34:51 -0500
Sam Hartman <hartmans@mit.edu> wrote:

> >>>>> "Simo" == Simo Sorce <ssorce@redhat.com> writes:
> 
>     Simo> On Mon, 14 Feb 2011 18:35:14 +0000
>     Simo> "Roland C. Dowdeswell" <elric@imrryr.org> wrote:
> 
>     >> Also, it might be a better idea in the longer term to write a little
>     >> daemon that runs as root, listens on a UNIX domain socket and
>     >> accepts requests from the krb5 libs to have conversations with
>     >> various KDCs.  The advantage of this would be that this daemon
>     >> could keep track of which KDCs are up and perhaps even keep
>     >> track of which ones answer the quickest (and are therefore
>     >> likely the closest), etc.
> 
>     Simo> You can do this separately by creating a locator plugin.
>     Simo> That's what we do with the SSSD project at least, so that
>     Simo> the sssd daemon does the discovery and just tells the krb5
>     Simo> libs what is the ip address to use for the KDC.
> 
> Yes, but I think that this is important enough to Kerberos performance
> that someone should really do this separately from SSSD.  If you're
> going to use SSSD, or some full infrastructure, you'll use their KDC
> locator.  However, you really want this service.  All the time. Even
> if you just want a Kerberos client.

Then it may be best to define a socket-based communication protocol so
that only one daemon at a time can do it (consistency) and others can
provide the service w/o having plugins piling up on one another.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
