timeout period for failed kdc in /etc/krb5.conf
Ken Raeburn
raeburn at MIT.EDU
Thu Jun 9 15:59:37 EDT 2005
On Jun 9, 2005, at 11:47, Chris H wrote:
> i'm using the MIT kerberos implementation 1.4.1 to connect samba to
> active directory, as a lot of other people would be too. i have no
> problems with this - it seems to work beautifully!
That's great news.
> if the first kdc is down, or even worse (up but malfunctioning), will
> every request take longer because it's waiting for a timeout on the
> first kdc?
If the client gets back some kind of connection-refused indication, it
will immediately move on to the next KDC in the list. If it sees no
response at all, it does wait a little (one second, I think) before
moving on to the next KDC. So, yes, there's a delay, though it
shouldn't be large.
> can i specify any more options or even some nice form of loadbalancing
> here?
I'm afraid not, in the current version, unless you do it through DNS
(SRV records, or one KDC with multiple A records), which you say you
can't... :-(
Ken
More information about the Kerberos
mailing list