Ah, OK. I cannot answer whether 2m is the minumum value. Cheers,
Kenny. On Thu, 2020-01-09 at 09:26 -0500, Tareq Alrashid wrote: > Thanks for the reply, Kenny. > > I have left out an important detail, on campus of course all is > configured to master KDC first, the kerb2/kerb3…etc., no problem. > > This affects users of our clouds services, for example in AWS where > we have duplicated all/most of our infrastructure services, if a user > changes her password using our web tools against master KDC on > campus, said user will not able to login immediately until changes > are replicated out to the replica Kerberos servers in AWS. Granted 2m > is not long, but this reason for asking in the first place to see if > 2m is the shorted time delta allowed. > > Thanks, > Tareq > > > On Jan 9, 2020, at 4:11 AM, Kenneth MacDonald < > > [email protected]> wrote: > > > > On Wed, 2020-01-08 at 13:38 -0500, Tareq Alrashid wrote: > > > How can we make it as close to realtime as possible? > > > what is the smallest value possible we can assign? > > > > > > Background: > > > > > > Master receives a newly provisioned user, or new password > > > change/reset, and since we live in the instant-gratification > > > times, > > > users attempt to login onto services that configured to > > > authenticate > > > against replica servers which of course have not been propagated > > > to > > > yet…. failed login => open a help desk ticket…etc. waste of time > > > and > > > frustration. > > > > > > How do you all deal with the latency in your hi-ed environment? > > > > > > HNY! Thanks for any insights > > > > We haven't reduced the polling interval, but have configured our > > web > > single sign on hosts to authenticate against our master KDC in > > preference to the slaves by listing their IP addresses in order in > > /etc/krb5.conf. > > > > Cheers, > > > > Kenny. > > > > > > > > > > > > -- > > The University of Edinburgh is a charitable body, registered in > > Scotland, with registration number SC005336. > > > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
