timeout options

Greg Hudson ghudson at MIT.EDU
Mon Dec 16 10:50:51 EST 2013

On 12/13/2013 08:00 AM, Tobias Hachmer wrote:
> I am looking for some config options to control the timeout behaviour.
> Are there any directives in krb5.conf to control timeouts, e.g how long 
> to wait if a kdc isn't reachable?

We don't currently have config options or API controls to control
timeouts for sending to the KDC, and I'm not immediately sure what such
an option might look like.  A total maximum time to try talking to all
KDCs would make the most sense from a user or caller point of view, but
deriving intermediate timeouts from such a value would make an already
very complicated module more so.

It is possible to use the krb5_init_creds_step and krb5_tkt_creds_step
interfaces to fully control KDC communications, but then you're stuck
with all of the work of communicating with KDCs.

More information about the Kerberos mailing list