[30292] in Kerberos
Re: obtaining tickets by TCP
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Thu Sep 11 14:53:06 2008
From: Ken Raeburn <raeburn@mit.edu>
To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
In-Reply-To: <gabj16$9tn$3@relay.tomsk.ru>
Message-Id: <988DE89F-F552-48BA-9967-0B9D278F8A51@mit.edu>
Mime-Version: 1.0 (Apple Message framework v928.1)
Date: Thu, 11 Sep 2008 14:52:49 -0400
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Sep 11, 2008, at 13:03, Victor Sudakov wrote:
> Colleagues,
>
> Is there a way to configure a Kerberos client to use TCP for obtaining
> tickets, other that explicitly listing all KDC's in krb5.conf with
> the "tcp" prefix?
>
> I want to be able to prefer TCP transport and still retain the
> possibility of using DNS SRV records to lookup KDCs.
The setting "udp_preference_limit" (under libdefaults) indicates the
minimum outgoing packet size for which the library will try TCP
first. If it doesn't get through with TCP, it will still try UDP;
this only controls the order.
Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos