We have a scenario, where DC server is slow and due to that our kerberos
clients keep waiting for long time to get a response, also blocking many
requests in queue. This, results in overall degraded experience.
While fixing DC servers is the obvious fix which we are working on, what we
also want to achieve is to prevent kerberos clients from getting blocked
with single request for too long.
We tried "kdc_timeout" field in our krb5 configuration file, and it did not
help. After some googling around, it seems like MIT implementation of
kerberos may not be supporting this field.