Re: Determening the number of clients per KDC

On Tue, Apr 17, 2018 at 9:32 AM, Sergei Gerasenko wrote: > Thank you so much for confirming that the KDCs are fast. This saved me a > ton of time writing my own tests, etc. Andrew, as far as workers, is it one > worker per core in general as Russ theorized? > I haven't played with the workers op

Re: Determening the number of clients per KDC

On Mon, Apr 16, 2018 at 5:41 PM, Russ Allbery wrote: > Sergei Gerasenko writes: > > > Will keeping an access log slow me down much, do you know? > > Yes, you may want to tune syslog or whatever you're using for your KDC > logging, although MIT is a lot better than Heimdal in that regard (Heimdal

Re: IPv6 handling in SASL LDAP binding

On Thu, Aug 13, 2009 at 4:21 AM, Xu, Qiang (FXSGSC) wrote: > Yes, in my testing, OpenLDAP utility ldapsearch also works well with IPv6 > address in /etc/krb5.conf when doing SASL binding. > > Although we are using Mozilla LDAP library, I don't think it is MozLDAP's > fault, coz it doesn't pass an

Re: IPv6 handling in SASL LDAP binding

On Thu, Aug 13, 2009 at 6:41 AM, Xu, Qiang (FXSGSC) wrote: > > P.S. Can I ask why the numerical IPv6 address is not supported in MIT > distribution? Using IP addresses in files like krb5.conf is generally discouraged, as it's easier to change a single entry in dns than it is to change a file on e

Re: IPv6 handling in SASL LDAP binding

On Fri, Aug 7, 2009 at 4:28 AM, Xu, Qiang (FXSGSC) wrote: > Since it seems MozLDAP didn't pass any info related to Kerberos > authentication server to Cyrus-SASL, can I understand that Cyrus-SASL obtain > the Kerberos authentication server's whereabout from the ticket? But there is > only an LDA

Re: mod_auth_kerb: gss_accept_sec_context() failed

On Mon, Jan 19, 2009 at 11:32 AM, Michael Ströder wrote: > Andrew Cobaugh wrote: >> On Fri, Jan 16, 2009 at 2:58 PM, Michael Ströder >> wrote: >>> HI! >>> >>> I'm trying to test mod_auth_kerb-5.4 built with MIT libs 1.6.3 for >>> SPNEGO/

Re: mod_auth_kerb: gss_accept_sec_context() failed

On Fri, Jan 16, 2009 at 2:58 PM, Michael Ströder wrote: > HI! > > I'm trying to test mod_auth_kerb-5.4 built with MIT libs 1.6.3 for > SPNEGO/Kerberos working with MS AD W2K3SP1. My ultimate goal is to > receive a forwardable ticket (env var KRB5CCNAME) and use that for LDAP > SASL/GSSAPI bind to

Disabling reverse dns lookups

I've seen this discussed before, but I'm having some trouble. My situation is that I have sshd behind a NAT. The public IP has an A record from one of my domain names, but I have no control over the PTR record, as this is a cable modem connection, so the ISP controls that. So, the client goes to d