On Mon, 2012-09-10 at 11:11 -0400, Rob Crittenden wrote:
> Simo Sorce wrote:
> > On Mon, 2012-09-10 at 16:36 +0200, Sumit Bose wrote:
> >> What about defining a task in the SSSD krb5 provider instead of
> >> pinging it from the locator plugin? The task can run at a
> >> configurable interval or never and checks if the current KDC is
> >> available. If not it tries the next until it goes offline if no
> >> reachable KDC can be found and updates or deletes the info file
> >> for the locator plugin.
> >>
> >> This leaves us with the question how to ping a KDC properly, but
> >> this we have to find out for either case.
> >>
> > I am not a fan of generating load for the KDC unnecessarily.
> >
> > Simo.
> >
>
> I tend to agree but this can be a real pain to debug because depending
> on the current state of sssd you have to either check krb5.conf or the
> sssd locator to see what KDC is configured.

[moving to freeipa-devel]

Yes, but the solution is to do on-demand requests when something doesn't
work. Because otherwise you still get the odd failure.

Assume you check in 5 min intervals, and the KDC goes off 1 sec after
the check, for 5 minutes you still have a wrong KDC in the locator and
still get failures. So you loaded the KDC with ~300 requests per day per
client, and you still have high odds that on failure your locator file
will still be 'wrong'.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York