pam_krb5 against w2k3 very slow?

Dave davetree2-deja at yahoo.com
Mon Apr 18 14:18:31 EDT 2005


>Hi,
>
>
>we connected a linux box with w2k3 and installed pam_krb5 for >sshd.
In
>principle it works but it takes about 10sec to authenticate?! The
>servers work in a test environment means basically no load.
>The krb5 installation is heimdal 0.61 but I dont know if this >really
>has do with the pam_krb5.so library.
>Is this behavior common or can it be sped up?
>
>
>Thanks for any comments,
>
>
>Tobias

 Hello...

Don't know if you ever fixed this, but I just ran into the same
problem. It helps a lot if you put

kdc_timeout=1

   and

max_retries=1

in your krb5.conf. It looks like it's doing a krb5_get_in_tkt but the
win2k3 server never replies. With the default kdc_timeout=3 and
max_retries=3, it ends up with a 9 second delay before continuing....

Dave



More information about the Kerberos mailing list