Query about kdc_timeout
mogasale.tech
mogasale.tech at gmail.com
Wed Jan 29 09:24:36 EST 2020
Hi Devs,
We have a scenario, where DC server is slow and due to that our kerberos
clients keep waiting for long time to get a response, also blocking many
requests in queue. This, results in overall degraded experience.
While fixing DC servers is the obvious fix which we are working on, what we
also want to achieve is to prevent kerberos clients from getting blocked
with single request for too long.
We tried "kdc_timeout" field in our krb5 configuration file, and it did not
help. After some googling around, it seems like MIT implementation of
kerberos may not be supporting this field.
There is no mention of this field in any of the documentation.
kdc.conf -
https://web.mit.edu/kerberos/krb5-1.17/doc/admin/conf_files/kdc_conf.html
krb5.conf -
https://web.mit.edu/kerberos/krb5-1.17/doc/admin/conf_files/krb5_conf.html
The answer for this old query is indicating the same, and still seems
relevant -
http://kerberos.996246.n3.nabble.com/Fail-over-in-krb5-conf-to-next-listed-KDC-entry-td42213.html
Given this scenario, could you please guide us how can we preempt any
request which is waiting on KDC beyond a threshold time? We are on v1.17 of
MIT kerberos.
Thanks in advance.
Regards,
Rama
More information about the krbdev
mailing list