Fail over in krb5.conf to next listed KDC entry?
Greg Hudson
ghudson at mit.edu
Tue Dec 9 13:21:17 EST 2014
On 12/09/2014 12:20 AM, Todd Grayson wrote:
> Is there a configurable timeout value that can be set in the krb5.conf to
> tell a client how long to wait for a response from a KDC before failing
> over to the next listed kdc entry for a specific REALM in the [realms]
> section of the krb5.conf?
No, and I don't believe we have ever supported a krb5.conf variable for
this.
> Is that kdc_timeout parameter only for sun/oracle's solaris SEAM
> implementation of kerberos?
>
> Or is only the java JGSS implementation recognizing this kdc_timeout value?
It doesn't look like the Solaris C implementation of Kerberos supports a
kdc_timeout config variable. I don't know about JGSS. Heimdal does
appear to support it.
More information about the Kerberos
mailing list