You may want to verify that you're permitting UDP as well. If the client has to fail back to TCP you have to wait for the time out to occur first.
--- On 04/24/2013 08:31 AM, Tom Yu wrote: > Rasanth Akali Kandoth <[email protected]> writes: > >> All, >> I am facing an issue. call to krb5_get_init_creds_password is taking 15 >> secs to return. i am calling it as follows. >> krb5_get_init_creds_password(k5->ctx, &my_creds, k5->me, >> opts->principal_passwd, NULL, NULL, >> 0, NULL, options); >> >> after it returns, everything works fine. I could see that there is no delay >> at the KDC. as soon as it get a AS-REQ, it responds. the delay happens even >> before the request is made. >> is there any known issue with this function? > It's possible that there are problems with your local DNS resolvers. > Try a packet capture of all DNS traffic to and from your machine when > this happens. You would see DNS queries (possibly SRV queries) sent > by your machine and not responded to, if that were the case. > > Does kinit experience the same delays? > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
