On Thu, Sep 03, 2009 at 12:56:41PM +0200, soko.tica wrote:
> Hello list,
>
> I am setting up a mini network for myself, but trying to imitate a
> full-fledged network with all servers required, everything on i386
> architecture. Everything will run on 4.5 stable.
>
> Since Squid and Kerberos should be deployed, and I haven't worked with
> any of them, could anyone tell me which of them consumes more CPU
> power? I have two i386 boxes available, 3.00Mhz 512 Mb RAM and celeron
> 2.88Mhz 750Mb RAM.
>
> Also, if anyone can tell me that placing ftp/tftp private server on
> inet alias of kerberos machine is stupid (since I figured out it would
> be stupid on squid machine), please don't hesitate to say it.
I'm inclined to question your "should", but if you have two boxes that
run at about 3 GHz (I suppose MHz was a typo?) either should do
perfectly well. You can run on hardware a lot more modest than that, in
fact.
In a real network, there is something to be said for doing as little as
possible on the Kerberos machine, as a compromise of your KDC is pretty
painful (an attacker has access to everything Kerberos-enabled, and
you'll be busy replacing keytabs for quite a while). For the same
reason, you don't want to do too much on the firewall host.
Do note that FTP is pretty much a relic. Anonymous FTP is okay, although
it doesn't really offer any compelling advantages over HTTP, but most
other uses should be replaced with SFTP or another technology.
I'm not really sure that running Squid and ftpd on the same box is an
issue. I'm note sure if they can both do active FTP at the same time,
and of course they cannot both listen on port 21, but in the worst case
you can always just not use Squid for FTP.
Joachim
