Bug 474923 - kdc auth fails under load
Summary: kdc auth fails under load
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise IPA
Classification: Retired
Component: ipa-server
Version: 1.1
Hardware: All
OS: Linux
high
high
Target Milestone: v2 release
Assignee: Nalin Dahyabhai
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 431020
TreeView+ depends on / blocked
 
Reported: 2008-12-05 22:00 UTC by Chandrasekar Kannan
Modified: 2015-01-04 23:35 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-25 14:32:38 UTC
Embargoed:

Attachments (Terms of Use)

Description Chandrasekar Kannan 2008-12-05 22:00:23 UTC 
- for ipa v1.1 I have run the 'hammer' load test tool/tests that come with
  the kdc source code
- during the test I observed an issue like...

(16:36:39) ckannan1: nalin: when the KDC server (ipa v1.1) is under stress with "hammer" tool, I see some stuff, like this.
(16:36:41) ckannan1: [root@tigger hammer]# kinit admin
(16:36:41) ckannan1: Password for admin.REDHAT.COM:
(16:36:41) ckannan1: kinit(v5): Cannot contact any KDC for realm 'DSQA.SJC2.REDHAT.COM' while getting initial credentials
(16:37:09) ckannan1: nalin: how can I get you more information on this ?.
(16:38:12) nalin: ckannan1: keep in mind that the kdc is single-threaded, so if it gets stuck waiting on anything (expensive work, database access, anything), clients won't get a response. if a client which is using udp doesn't get a response within the timeout, it assumes the server's not there
Comment 3 Rob Crittenden 2010-09-14 16:43:12 UTC 
ticket https://fedorahosted.org/freeipa/ticket/222

We'll see if we can configure multiple KDC processes, one for each CPU.
Comment 4 Rob Crittenden 2014-08-25 14:32:38 UTC 
Cleaning up old bugs that were completed but not marked as closed.
Note You need to log in before you can comment on or make changes to this bug.