Sergei Gerasenko <gera...@gmail.com> writes:

> Thanks for the quick response, Russ. Let’s say I run 1 worker
> process. How many clients can that sustain in the worst case scenario of
> all the clients trying to get a ticket? I need some way to quantify
> this. As for failover, I am planning to deploy a standby node.

It's unfortunately been long enough since I've tested this on a system running flat out that I don't remember what qps a KDC can do on modern hardware, but I would expect it to at least be in the range of 100 qps. It's probably constrained by the KDC being single-threaded. Clients aren't going to generally all try to get a ticket at the same time, due to ticket caching, so that scales to a lot of clients.

General rule of thumb for KDCs is that you want at least a master and a replica, and there's no reason not to have the replica serve most of the traffic (in other words, I wouldn't go with a standby design). Usually I run at least three KDCs, although the number three is mostly because I started with kaserver that needed three KDCs for stable Ubik quorum, which of course isn't a thing with regular KDCs, so I don't know that three is really better than two.

--
Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos