Intermittent failures of mod_krb5
Isaac Boukris
iboukris at gmail.com
Thu Mar 1 18:46:02 CET 2018
On Thu, Mar 1, 2018 at 3:56 PM, Brian Candler <b.candler at pobox.com> wrote:
> the example below, when freeradius gets a UDP response saying the data is
> too big for UDP, it reconnects over TCP. This happens twice - once to get a
> TGT for the authenticating user and once to get a service ticket - and these
> are taking 2.4 and 6.2 seconds respectively. With additional UDP
> round-trips, the whole thing is taking nearly 12 seconds in the example
> below.
You can try to prefer TCP by setting 'udp_preference_limit' in
krb.conf, see the man page (I didn't test, but it sounds it should
work).
More information about the Freeradius-Users
mailing list