[24057] in Kerberos


Re: timeout period for failed kdc in /etc/krb5.conf

daemon@ATHENA.MIT.EDU (Ken Raeburn)
Thu Jun 9 16:05:11 2005

In-Reply-To: <1118332068.210846.252410@g43g2000cwa.googlegroups.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <5597de2d70ec5f384ef60c86296a616a@mit.edu>
Content-Transfer-Encoding: 7bit
From: Ken Raeburn <raeburn@mit.edu>
Date: Thu, 9 Jun 2005 15:59:37 -0400
To: "Chris H" <xtofer@mail.com>
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

On Jun 9, 2005, at 11:47, Chris H wrote:
> i'm using the MIT kerberos implementation 1.4.1 to connect samba to
> active directory, as a lot of other people would be too. i have no
> problems with this - it seems to work beautifully!

That's great news.

> if the first kdc is down, or even worse (up but malfunctioning), will
> every request take longer because it's waiting for a timeout on the
> first kdc?

If the client gets back some kind of connection-refused indication, it 
will immediately move on to the next KDC in the list.  If it sees no 
response at all, it does wait a little (one second, I think) before 
moving on to the next KDC.  So, yes, there's a delay, though it 
shouldn't be large.

> can i specify any more options or even some nice form of loadbalancing
> here?

I'm afraid not, in the current version, unless you do it through DNS 
(SRV records, or one KDC with multiple A records), which you say you 
can't... :-(

Ken

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
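
An added example, not part of the original message and not MIT krb5 code: a small check an administrator can run against their own `krb5.conf` to see which `kdc` entries, in list order, would be skipped at once (connection refused) and which would cost the client a wait (no response) before it reaches a working KDC. Assumptions: the probe uses a TCP connect, the default port is 88, the `wait` value of one second is the figure the reply gives tentatively, and the sample realm and host names are constructed placeholders.

```python
import re
import socket
import sys
import time

# Constructed sample; realm and host names are placeholders.
SAMPLE_CONF = """
[realms]
    EXAMPLE.COM = {
        kdc = kdc1.example.com
        kdc = kdc2.example.com:88
        admin_server = kdc1.example.com
    }
"""

def kdc_entries(conf_text, default_port=88):
    """Return (host, port) for each 'kdc =' line, in file order (no IPv6 literals)."""
    pattern = r"^\s*kdc\s*=\s*([^\s:#]+)(?::(\d+))?\s*$"
    return [(m.group(1), int(m.group(2) or default_port))
            for m in re.finditer(pattern, conf_text, re.M)]

def probe(host, port, wait=1.0):
    """Classify one KDC as 'up', 'refused' (skipped at once) or 'silent' (costs a wait)."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=wait):
            state = "up"
    except ConnectionRefusedError:
        state = "refused"
    except OSError:  # timeout, unreachable network, failed name lookup
        state = "silent"
    return state, time.monotonic() - start

def failover_report(entries, wait=1.0):
    """Probe KDCs in list order, stop at the first that answers, sum the time lost."""
    results, lost = [], 0.0
    for host, port in entries:
        state, elapsed = probe(host, port, wait)
        results.append((host, port, state))
        if state == "up":
            break
        lost += elapsed
    return results, lost

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    results, lost = failover_report(kdc_entries(text))
    for host, port, state in results:
        print(f"{host}:{port} {state}")
    print(f"time lost before a working KDC: {lost:.2f}s")
```

Pass the path to a real `krb5.conf` as the first argument; with no argument it falls back to the constructed sample.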
