Tech Insider					     Technology and Trends

		      Kerberos Mailing List Archives

From spm@ATHENA.MIT.EDU  Fri Jun 13 15:58:31 1986
To: saltzer, ostlund, kelley, jis, bcn
Cc: spm
Subject: Kerberos servers
Date: Fri, 13 Jun 86 15:57:02 -0500
From: Steve Miller <spm@ATHENA.MIT.EDU>

Some of us have been discussing alternate means of providing
a highly available Kerberos service, and I believe that this issue
needs to be pondered for a while.

The most direct approach is to put a kerberos server in each cluster,
thus insulating each cluster from gateway and backbone problems.
The drawback with this solution is that it requires a lot of servers
(and $$), each of which ought to be more secure physically than we
currently can provide, and each of which needs to be updated and

In terms of the workload on Kerberos, I estimate that with 2000 workstations,
except for brief periods of bursty load (26-100 empties into the adjoining
terminal room), three or four uvax2 class servers will provide sufficient
service. Each should be able to handle 3-5 requests/second, with a typical
request asking for 3 tickets. Once routine logging for debugging is turned
off, the limiting factor is software encryption time.

We will have much more than 4 clusters.

I would propose, as a long term alternative, that instead of spending
the equipment money on a Kerberos server per cluster, we install only
3 or 4 Kerberos servers, judiciously located, and that the extra equipment
budget go towards providing a more redundant network, e.g. two
gateways per cluster.  This would provide higher availability for all
services, not just Kerberos.

Of course, just providing the gateways is not adequate if the backbone is
not highly reliable, but I suspect sooner or later the backbone will for
many reasons have to become highly reliable.

In the interim, Pete and John are considering the one per cluster approach,
since it is in the realm of what they can do, and do quickly.

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO v IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or

Electronic mail:			       WorldWideWeb: