- for ipa v1.1 I have run the 'hammer' load test tool/tests that come with the kdc source code - during the test I observed an issue like... (16:36:39) ckannan1: nalin: when the KDC server (ipa v1.1) is under stress with "hammer" tool, I see some stuff, like this. (16:36:41) ckannan1: [root@tigger hammer]# kinit admin (16:36:41) ckannan1: Password for admin.REDHAT.COM: (16:36:41) ckannan1: kinit(v5): Cannot contact any KDC for realm 'DSQA.SJC2.REDHAT.COM' while getting initial credentials (16:37:09) ckannan1: nalin: how can I get you more information on this ?. (16:38:12) nalin: ckannan1: keep in mind that the kdc is single-threaded, so if it gets stuck waiting on anything (expensive work, database access, anything), clients won't get a response. if a client which is using udp doesn't get a response within the timeout, it assumes the server's not there
ticket https://fedorahosted.org/freeipa/ticket/222 We'll see if we can configure multiple KDC processes, one for each CPU.
Cleaning up old bugs that were completed but not marked as closed.