Bug 474923 - kdc auth fails under load
kdc auth fails under load
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise IPA
Classification: Retired
Component: ipa-server (Show other bugs)
1.1
All Linux
high Severity high
: v2 release
: ---
Assigned To: Nalin Dahyabhai
Chandrasekar Kannan
:
Depends On:
Blocks: 431020
  Show dependency treegraph
 
Reported: 2008-12-05 17:00 EST by Chandrasekar Kannan
Modified: 2015-01-04 18:35 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-08-25 10:32:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chandrasekar Kannan 2008-12-05 17:00:23 EST
- for ipa v1.1 I have run the 'hammer' load test tool/tests that come with
  the kdc source code
- during the test I observed an issue like...

(16:36:39) ckannan1: nalin: when the KDC server (ipa v1.1) is under stress with "hammer" tool, I see some stuff, like this.
(16:36:41) ckannan1: [root@tigger hammer]# kinit admin
(16:36:41) ckannan1: Password for admin@DSQA.SJC2.REDHAT.COM:
(16:36:41) ckannan1: kinit(v5): Cannot contact any KDC for realm 'DSQA.SJC2.REDHAT.COM' while getting initial credentials
(16:37:09) ckannan1: nalin: how can I get you more information on this ?.
(16:38:12) nalin: ckannan1: keep in mind that the kdc is single-threaded, so if it gets stuck waiting on anything (expensive work, database access, anything), clients won't get a response. if a client which is using udp doesn't get a response within the timeout, it assumes the server's not there
Comment 3 Rob Crittenden 2010-09-14 12:43:12 EDT
ticket https://fedorahosted.org/freeipa/ticket/222

We'll see if we can configure multiple KDC processes, one for each CPU.
Comment 4 Rob Crittenden 2014-08-25 10:32:38 EDT
Cleaning up old bugs that were completed but not marked as closed.

Note You need to log in before you can comment on or make changes to this bug.