Bug 891660

Summary: Decrease the krb5_auth_timeout default value of 15
Product: Red Hat Enterprise Linux 7 Reporter: Dmitri Pal <dpal>
Component: sssdAssignee: Jakub Hrozek <jhrozek>
Status: CLOSED CURRENTRELEASE QA Contact: Kaushik Banerjee <kbanerje>
Severity: unspecified Docs Contact:
Priority: high    
Version: 7.0CC: grajaiya, jgalipea, pbrezina
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: sssd-1.10.0-1.el7.alpha1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 12:04:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitri Pal 2013-01-03 15:05:15 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/1738

The current value of 15 for krb5_auth_timeout makes failover of krb5_server(krb5_server=SERVER1,SERVER2) quite slow(15seconds) in certain scenarios, e.g.

- if SERVER1 machine is down
- if packets are DROPPED in SERVER1

Setting krb5_auth_timeout=6 in the above cases allows failover to happen in 6 seconds.

Not sure why krb5_auth_timeout is defaulted to 15. I would suggest it to be lowered to 6.
Comment 1 Jakub Hrozek 2013-03-26 18:08:29 UTC 
Fixed upstream.
Comment 2 Jakub Hrozek 2013-10-04 13:23:47 UTC 
Temporarily moving bugs to MODIFIED to work around errata tool bug
Comment 4 Kaushik Banerjee 2013-11-23 18:03:25 UTC 
Verified in version sssd-1.11.2-1.el7

Verified that the value has been updated in manpage to 6 seconds and functionally verified that failover to SERVER2 happens in 6 seconds now.
Comment 5 Ludek Smid 2014-06-13 12:04:32 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.