timeout period for failed kdc in /etc/krb5.conf

Chris H xtofer at mail.com
Thu Jun 9 11:47:48 EDT 2005


hi.
i'm using the MIT kerberos implementation 1.4.1 to connect samba to
active directory, as a lot of other people would be too. i have no
problems with this - it seems to work beautifully!

my question is, how nicely would it work if the domain-controller i've
specified as the KDC in my /etc/krb5.conf happens to die?
i've specified two KDCs actually:

[realms]
BLAH.BLAH.COM = {
default_domain = BLAH.BLAH.COM
kdc = 1.2.3.4
kdc = 1.2.3.5
}

if the first kdc is down, or even worse (up but malfunctioning), will
every request take longer because it's waiting for a timeout on the
first kdc?

can i specify any more options or even some nice form of loadbalancing
here?

i should be able to at least!?

and no i don't use DNS, for reasons out of my control.

Chris



More information about the Kerberos mailing list