Alexander Bokovoy writes:
>>* sssd has a default kerberos timeout of six seconds.
>> Can be changed in /etc/sssd/sssd.conf: krb5_auth_timeout,
>> which also seems to work for auth_provider = ipa, but is not
>> documented in sssd-ipa(5).
> sssd-ipa(5) says:
>
> The IPA provider a
On ti, 20 joulu 2016, Jochen Hein wrote:
Alexander Bokovoy writes:
1. KDC to ipa-otd: this can be changed in
/var/kerberos/krb5kdc/kdc.conf. I think the timeout should be larger
then the (largest) second timeout - and I think retries=0 is best.
This is for communication between KDC and ipa-otd
Alexander Bokovoy writes:
>>1. KDC to ipa-otd: this can be changed in
>>/var/kerberos/krb5kdc/kdc.conf. I think the timeout should be larger
>>then the (largest) second timeout - and I think retries=0 is best.
>>This is for communication between KDC and ipa-otd.
>>
>>2. There is a timeout in each
Alexander Bokovoy writes:
> On su, 18 joulu 2016, Jochen Hein wrote:
> Ok. It would probably make sense to file a ticket to FreeIPA tracker to
> get these changes in FreeIPA 4.5.
I'm now fighting against my privacyidea server, but if I can test
something more and am sure about the needed changes
On su, 18 joulu 2016, Jochen Hein wrote:
Alexander Bokovoy writes:
So I've added the following to /var/kerberos/krb5kdc/kdc.conf and restarted kdc:
,
| [otp]
| DEFAULT = {
| timeout = 15
| retries = 0
| strip_realm = false
| }
`
After that I can use my OTP tokens without prob
Alexander Bokovoy writes:
>>So I've added the following to /var/kerberos/krb5kdc/kdc.conf and restarted
>>kdc:
>>
>>,
>>| [otp]
>>| DEFAULT = {
>>| timeout = 15
>>| retries = 0
>>| strip_realm = false
>>| }
>>`
>>
>>After that I can use my OTP tokens without problems. With the de