[39445] in Kerberos
Kerberos TCP retries
daemon@ATHENA.MIT.EDU (Dejmek Pavel via Kerberos)
Sun Aug 4 08:47:10 2024
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Sun, 4 Aug 2024 12:45:38 +0000
Message-ID: <30c17b47-ea40-4937-b67b-f36d68086678@o2.cz>
Content-Language: en-US
x-tenant-from: From_TelcoCloud
Content-ID: <023CAD105B8BD142A188F6211169AB59@eurprd08.prod.outlook.com>
MIME-Version: 1.0
From: Dejmek Pavel via Kerberos <kerberos@mit.edu>
Reply-To: Dejmek Pavel <pavel.dejmek@o2.cz>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Hello,
We have been testing integration between linux servers(rhel) and
Windows active directory + MFA solution from Silverfort.
Linux servers(rhel 9.4) are using sssd + kerberos 1.21.1.
When user wants to login to linux, kerberos client running on linux
successfully open TCP session towards windows server and send request.
Due to MFA implementation it takes some time until response is send
back. User has to find his phone, unlock it, find push notification,
confirm..
We discovered that kerberos clients retries to send request after 10sec
and unfortunately it means that another MFA request is sent.
Is there any way howto extend this period(10sec to 60sec)?
I have found one commit which can fix this issue, it is #9105 "Wait
indefinitely on KDC TCP connections"
Is there any plan to include this commit in future release?
Thank you for your help
Pavel Dejmek
Obsah této zprávy má výlučně komunikační charakter. Nepředstavuje návrh na uzavření smlouvy či na její změnu ani přijetí případného návrhu. Smlouvy či jejich změny jsou společností O2 Czech Republic a.s. uzavírány v písemné formě nebo v podobě a postupem podle příslušných všeobecných podmínek společnosti O2 Czech Republic a.s., a pokud jsou dohodnuty všechny náležitosti. Smlouvy jsou uzavírány oprávněnou osobou na základě písemného pověření. Smlouvy o smlouvě budoucí jsou uzavírány výhradně v písemné formě, vlastnoručně podepsané nebo s uznávaným elektronickým podpisem. Podmínky, za nichž O2 Czech Republic a.s. přistupuje k jednání o smlouvě a jakými se řídí, jsou dostupné zde<http://www.o2.cz/spolecnost/transparentnost-pri-vyjednavani-o-smlouve/>.
The content of this message is intended for communication purposes only. It does neither represent any contract proposal, nor its amendment or acceptance of any potential contract proposal. O2 Czech Republic a.s. concludes contracts or amendments thereto in a written form or in the form and the procedure in accordance with relevant general terms and conditions of O2 Czech Republic a.s., if all requirements are agreed. Contracts are concluded by an authorized person entitled on the basis of a written authorization. Contracts on a future contract are concluded solely in a written form, self-signed or signed by means of an advanced electronic signature. The conditions under which O2 Czech Republic a.s. negotiates contracts and under which it proceeds are available here<http://www.o2.cz/spolecnost/en/transparency-in-contract-negotiations/>.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos