Bug 1193578
| Summary: | IdM Client does not set udp_preference_limit on upgrade - may affect clients with 2FA authentication | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Kosek <mkosek> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED WONTFIX | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.1 | CC: | apetrova, mnavrati, rcritten |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Known Issue | |
| Doc Text: |
Kerberos libraries on Identity Management clients communicate by default over the User Datagram Protocol (UDP). Using a one-time password (OTP) can cause additional delay, which can result in breaching Kerberos timeouts. As a consequence, the kinit command an other Kerberos operations can report communication errors, and the user can get locked out.
To work around this problem, make communication using the slightly slower Transmission Control Protocol (TCP) default by setting the "udp_preference_limit" option to 0 in the /etc/krb5.conf file.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-02-17 15:53:09 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Martin Kosek
2015-02-17 15:51:05 UTC
|