Displaying 5 results from an estimated 5 matches for "kdc_timeout".
Did you mean:
fec_timeout
2006 Jun 19
0
inital access need some seconds - kerberos(?) error in log - 3.0.22-1 Debian
...dns_lookup_kdc = true
default_keytab_name = FILE:/etc/krb5.keytab
default_tgs_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
default_tkt_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
permitted_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
kdc_timeout = 1500
max_retries = 2
[domain_realm]
vw.vkw.tu-dresden.de = VW.XXXXXXX
.vw.vkw.tu-dresden.de = VW.XXXXXXX
[logging]
default = FILE:/var/log/krb5libs.lo
2017 Nov 10
2
Slow Kerberos Authentication
No, no idee, but really, upgrade to samba, best option, in my opinion.
If thats not possible, it happens..
A timeout option can be set in krb5.conf
for example : kdc_timeout = 5000
You have these for krb5.conf to try out also.
the complete list.
des-hmac-sha1
DES with HMAC/sha1 (weak)
aes256-cts-hmac-sha1-96 aes256-cts AES-256
CTS mode with 96-bit SHA-1 HMAC
aes128-cts-hmac-sha1-96 aes128-cts AES-128
CTS mode with 96-bit SHA-1 HMAC
arcfour-hmac rc4-hmac a...
2006 Jun 22
1
spnego_kerberos(303) - Username Domain\Client$ is invalid
...dns_lookup_kdc = true
default_keytab_name = FILE:/etc/krb5.keytab
default_tgs_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
default_tkt_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
permitted_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5
kdc_timeout = 1500
max_retries = 2
[domain_realm]
fqdn = FQDN
.fqdn = FQDN
[logging]
default = FILE:/var/log/krb5libs.log
2017 Nov 11
0
Slow Kerberos Authentication
...happens.
On 10 Nov 2017 11:23, "L.P.H. van Belle via samba" <samba at lists.samba.org>
wrote:
> No, no idee, but really, upgrade to samba, best option, in my opinion.
> If thats not possible, it happens..
>
> A timeout option can be set in krb5.conf
> for example : kdc_timeout = 5000
>
>
> You have these for krb5.conf to try out also.
> the complete list.
> des-hmac-sha1
> DES with HMAC/sha1 (weak)
>
> aes256-cts-hmac-sha1-96 aes256-cts AES-256
> CTS mode with 96-bit SHA-1 HMAC
>
> aes128-cts-hmac-sha1-96 aes128-cts AES-12...
2017 Nov 09
3
Slow Kerberos Authentication
Hai,
You may need to add the the following in krb5.conf
[libdefaults]
allow_weak_crypto = true
; for Windows 2003
; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; permitted_enctypes = rc4-hmac des-cbc-crc des-cbc-md5
; for Windows 2008 with AES
default_tgs_enctypes = aes128-cts-hmac-sha1-96