obtaining tickets by TCP
Ken Raeburn
raeburn at MIT.EDU
Thu Sep 11 14:52:49 EDT 2008
On Sep 11, 2008, at 13:03, Victor Sudakov wrote:
> Colleagues,
>
> Is there a way to configure a Kerberos client to use TCP for obtaining
> tickets, other that explicitly listing all KDC's in krb5.conf with
> the "tcp" prefix?
>
> I want to be able to prefer TCP transport and still retain the
> possibility of using DNS SRV records to lookup KDCs.
The setting "udp_preference_limit" (under libdefaults) indicates the
minimum outgoing packet size for which the library will try TCP
first. If it doesn't get through with TCP, it will still try UDP;
this only controls the order.
Ken
More information about the Kerberos
mailing list