Is there some performance bench marking done against KDC. For instance, if
I want to deploy a KDC server and suppose some peak traffic volume, what
kind of memory/cpu resource I should provision for the server?
We have a few hundred machines with around 2000 users (not all active, of course) in a computer science dept. 3 KDCs running as VMs with 4 processors and 16 GB each. The processors are generally using < 10% of available CPU. The KDC itself is light-weight. You want to watch the LDAP server. Now and then it grows, and you’ll want to restart it. (The only reason we have 16 G is to accommodate that issue. It should normally work OK in 8 GB, and maybe less.) It’s possible tune the directory server, but we haven’t done so. We run with the default of logging all LDAP and KDC transactions. You could turn that off. I find that the logs are useful for debugging.
We use Kerberized NFS, so we’re using Kerberos more than if you just used it to login.
The ideal environment is a VM where the VM or stooge system can do consistent point in time snapshots. A VM snapshot is the most useful backup.
> On Nov 15, 2019, at 3:35 PM, Yegui Cai <[hidden email]> wrote:
> Is there some performance bench marking done against KDC. For instance, if
> I want to deploy a KDC server and suppose some peak traffic volume, what
> kind of memory/cpu resource I should provision for the server?
> Kerberos mailing list [hidden email] > https://mailman.mit.edu/mailman/listinfo/kerberos