krb5_get_init_creds_password takes 15 secs to return

Rasanth Akali Kandoth rasanth at gmail.com
Thu Apr 25 02:03:08 EDT 2013


Hi Tom, Jeremy,
yes, it was the DNS query that was causing the issue. there was two DNS
request that had gone out and the client gets the response after almost 3
secs. After adding the flag 'dns_lookup_kdc = false' in the client conf
file, it started working fine. I was giving the ip of kdc in conf file
instead of name.

Thanks & Regards,
Rasanth


On Wed, Apr 24, 2013 at 6:01 PM, Tom Yu <tlyu at mit.edu> wrote:

> Rasanth Akali Kandoth <rasanth at gmail.com> writes:
>
> > All,
> > I am facing an issue. call to krb5_get_init_creds_password is taking 15
> > secs to return.  i am calling it as follows.
> > krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me,
> >                                         opts->principal_passwd, NULL,
> NULL,
> > 0, NULL, options);
> >
> > after it returns, everything works fine. I could see that there is no
> delay
> > at the KDC. as soon as it get a AS-REQ, it responds. the delay happens
> even
> > before the request is made.
> > is there any known issue with this function?
>
> It's possible that there are problems with your local DNS resolvers.
> Try a packet capture of all DNS traffic to and from your machine when
> this happens.  You would see DNS queries (possibly SRV queries) sent
> by your machine and not responded to, if that were the case.
>
> Does kinit experience the same delays?
>



-- 
Regards,
Rasanth


More information about the Kerberos mailing list