[19799] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Aggressive kinit timeouts

daemon@ATHENA.MIT.EDU (Jonathan Maron)
Tue Aug 7 06:47:22 2018

From: Jonathan Maron <jonathan.maron@oracle.com>
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Message-Id: <F52C0A57-62CB-4C75-ABD5-4B015ADD169B@oracle.com>
Date: Tue, 7 Aug 2018 06:46:54 -0400
To: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit

Hi,

  We have an LDAP realm setup that doesn’t communicate with a local LDAP DB, but rather goes through a number of gateways to access a remote LDAP resource.  This introduces some latency that at times exceeds 1 second.  That appears to be an issue - we often see authentication failures, possibly since the order of responses for repeated AS_REQ may be out of order?  Anyhow, we are definitely seeing auth failures, and the 1 second timeout appears to play a role.

  We are unfortunately still using version 1.10.  Has this issue been addressed in subsequent versions?  Is the 1 second timeout now configurable?

— Jon


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev


home help back first fref pref prev next nref lref last post