Re: timeout period for failed kdc in /etc/krb5.conf
On Jun 9, 2005, at 11:47, Chris H wrote:
> i'm using the MIT kerberos implementation 1.4.1 to connect samba to
> active directory, as a lot of other people would be too. i have no
> problems with this - it seems to work beautifully!
That's great news.
> if the first kdc is down, or even worse (up but malfunctioning), will
> every request take longer because it's waiting for a timeout on the
> first kdc?
If the client gets back some kind of connection-refused indication, it
will immediately move on to the next KDC in the list. If it sees no
response at all, it does wait a little (one second, I think) before
moving on to the next KDC. So, yes, there's a delay, though it
shouldn't be large.
> can i specify any more options or even some nice form of loadbalancing
I'm afraid not, in the current version, unless you do it through DNS
(SRV records, or one KDC with multiple A records), which you say you