KDC timeout for MIT Kerberos?

Russ Allbery eagle at eyrie.org
Wed Feb 9 12:49:32 EST 2022


A user of my Kerberos PAM module asked whether there was a way to adjust
the timeout when talking to the KDC.  The use case is a laptop that may
have a dodgy VPN and thus think it's on the Internet but not be able to
reach the KDC.

    https://github.com/rra/pam-krb5/issues/22

My understanding is that Heimdal supports the kdc_timeout configuration
option in krb5.conf, but I don't see an equivalent for MIT Kerberos.  Is
there any way for the application or for the user to control how long it
takes for the library to decide that it's not going to get a reply from
the KDC and fail the krb5_get_init_creds_password attempt?

-- 
Russ Allbery (eagle at eyrie.org)             <https://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list