Query about kdc_timeout

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Query about kdc_timeout

mogasale.tech
Hi Devs,

We have a scenario, where DC server is slow and due to that our kerberos
clients keep waiting for long time to get a response, also blocking many
requests in queue. This, results in overall degraded experience.

While fixing DC servers is the obvious fix which we are working on, what we
also want to achieve is to prevent kerberos clients from getting blocked
with single request for too long.

We tried "kdc_timeout" field in our krb5 configuration file, and it did not
help. After some googling around, it seems like MIT implementation of
kerberos may not be supporting this field.

There is no mention of this field in any of the documentation.
kdc.conf -
https://web.mit.edu/kerberos/krb5-1.17/doc/admin/conf_files/kdc_conf.html
krb5.conf -
https://web.mit.edu/kerberos/krb5-1.17/doc/admin/conf_files/krb5_conf.html

The answer for this old query is indicating the same, and still seems
relevant -
http://kerberos.996246.n3.nabble.com/Fail-over-in-krb5-conf-to-next-listed-KDC-entry-td42213.html

Given this scenario, could you please guide us how can we preempt any
request which is waiting on KDC beyond a threshold time? We are on v1.17 of
MIT kerberos.

Thanks in advance.

Regards,
Rama
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev