[30292] in Kerberos

home help back first fref pref prev next nref lref last post

Re: obtaining tickets by TCP

daemon@ATHENA.MIT.EDU (Ken Raeburn)
Thu Sep 11 14:53:06 2008

From: Ken Raeburn <raeburn@mit.edu>
To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
In-Reply-To: <gabj16$9tn$3@relay.tomsk.ru>
Message-Id: <988DE89F-F552-48BA-9967-0B9D278F8A51@mit.edu>
Mime-Version: 1.0 (Apple Message framework v928.1)
Date: Thu, 11 Sep 2008 14:52:49 -0400
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Sep 11, 2008, at 13:03, Victor Sudakov wrote:
> Colleagues,
>
> Is there a way to configure a Kerberos client to use TCP for obtaining
> tickets, other that explicitly listing all KDC's in krb5.conf with
> the "tcp" prefix?
>
> I want to be able to prefer TCP transport and still retain the
> possibility of using DNS SRV records to lookup KDCs.

The setting "udp_preference_limit" (under libdefaults) indicates the  
minimum outgoing packet size for which the library will try TCP  
first.  If it doesn't get through with TCP, it will still try UDP;  
this only controls the order.

Ken
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post