7.4. Adjusting the number of krb5kdc processes
This procedure describes how to manually adjust the number of processes that the Key Distribution Center (KDC) starts to handle incoming connections.
By default, the IdM installer detects the number of CPU cores and enters the value in the /etc/sysconfig/krb5kdc file. For example, the file might contain the following entry:
KRB5KDC_ARGS='-w 2' [...]
In this example, with the KRB5KDC_ARGS parameter set to -w 2, the KDC starts two separate processes to handle incoming connections from the main process. You might want to adjust this value, especially in virtual environments where you can easily add or remove the number of virtual CPUs based on your requirements. To prevent performance issues or even IdM servers becoming unresponsive due to an ever-increasing TCP/IP queue on port 88, simulate a higher number of processes by manually setting the KRB5KDC_ARGS parameter to a higher value.
Procédure
-
Open the
/etc/sysconfig/krb5kdcfile in a text editor. Specify the value of the
KRB5KDC_ARGSparameter. In this example, you are setting the number of processes to 10:KRB5KDC_ARGS='-w 10' [...]
-
Save and close the
/etc/sysconfig/krb5kdcfile. Reload the systemd configuration:
# systemctl daemon-reload
Restart the
krb5kdcservice:# systemctl restart krb5kdc.service
You can use the IdM Healthcheck utility to verify that the KDC is configured to use the optimal number of worker processes. See Verifying the optimal number of KDC worker processes using IdM Healthcheck.
