Fail over in krb5.conf to next listed KDC entry?

Greg Hudson ghudson at
Tue Dec 9 13:21:17 EST 2014

On 12/09/2014 12:20 AM, Todd Grayson wrote:
> Is there a configurable timeout value that can be set in the krb5.conf to
> tell a client how long to wait for a response from a KDC before failing
> over to the next listed KDC entry for a specific REALM in the [realms]
> section of the krb5.conf?

No, and I don't believe we have ever supported a krb5.conf variable for

> Is that kdc_timeout parameter only for Sun/Oracle's Solaris SEAM
> implementation of Kerberos?
> Or is only the Java JGSS implementation recognizing this kdc_timeout value?

It doesn't look like the Solaris C implementation of Kerberos supports a
kdc_timeout config variable.  I don't know about JGSS.  Heimdal does
appear to support it.
