Red Hat Bugzilla – Bug 474923
kdc auth fails under load
Last modified: 2015-01-04 18:35:15 EST
- for ipa v1.1 I have run the 'hammer' load test tool/tests that come with
the kdc source code
- during the test I observed an issue like...
(16:36:39) ckannan1: nalin: when the KDC server (ipa v1.1) is under stress with "hammer" tool, I see some stuff, like this.
(16:36:41) ckannan1: [root@tigger hammer]# kinit admin
(16:36:41) ckannan1: Password for admin@DSQA.SJC2.REDHAT.COM:
(16:36:41) ckannan1: kinit(v5): Cannot contact any KDC for realm 'DSQA.SJC2.REDHAT.COM' while getting initial credentials
(16:37:09) ckannan1: nalin: how can I get you more information on this ?.
(16:38:12) nalin: ckannan1: keep in mind that the kdc is single-threaded, so if it gets stuck waiting on anything (expensive work, database access, anything), clients won't get a response. if a client which is using udp doesn't get a response within the timeout, it assumes the server's not there
We'll see if we can configure multiple KDC processes, one for each CPU.
Cleaning up old bugs that were completed but not marked as closed.