Fail over in krb5.conf to next listed KDC entry?

Todd Grayson tgrayson at
Tue Dec 9 00:21:10 EST 2014

... one more question - if this is a supported parameter today
(kdc_timeout) what is its default value?


On Mon, Dec 8, 2014 at 10:20 PM, Todd Grayson <tgrayson at> wrote:

> Is there a configurable timeout value that can be set in the krb5.conf to
> tell a client how long to wait for a response from a KDC before failing
> over to the next listed kdc entry for a specific REALM in the [realms]
> section of the krb5.conf?
> When looking at
> there is no reference to "kdc_timeout" which I've seen previously mentioned
> in oracle threads.
> Is that kdc_timeout parameter only for sun/oracle's solaris SEAM
> implementation of kerberos?
> Or is only the java JGSS implementation recognizing this kdc_timeout value?
> Or is kdc_timeout a missing parameter within the current (and previous)
> krb5.conf documentation for the [libdefaults], and it is supported in the
> 1.10+ MIT kerberos releases?
> Thanks in advance.
> --
> Todd Grayson
> Customer Operations Engineering

Todd Grayson
Customer Operations Engineering

More information about the Kerberos mailing list