Re: [Freeipa-users] Valid Sender ? - Re: ipa-otpd: timeout from kerberos when talking to an external 'slow' RADIUS server

2016-12-20 Thread Jochen Hein
Alexander Bokovoy writes:
>>* sssd has a default kerberos timeout of six seconds.
>>  Can be changed in /etc/sssd/sssd.conf: krb5_auth_timeout,
>>  which also seems to work for auth_provider = ipa, but is not
>>  documented in sssd-ipa(5).
> sssd-ipa(5) says:
>
>

Re: [Freeipa-users] Valid Sender ? - Re: ipa-otpd: timeout from kerberos when talking to an external 'slow' RADIUS server

2016-12-20 Thread Alexander Bokovoy
On Tue, 20 Dec 2016, Jochen Hein wrote:
Alexander Bokovoy writes:
1. KDC to ipa-otpd: this can be changed in /var/kerberos/krb5kdc/kdc.conf. I think the timeout should be larger than the (largest) second timeout - and I think retries=0 is best. This is for communication

Re: [Freeipa-users] Valid Sender ? - Re: ipa-otpd: timeout from kerberos when talking to an external 'slow' RADIUS server

2016-12-20 Thread Jochen Hein
Alexander Bokovoy writes:
>>1. KDC to ipa-otpd: this can be changed in
>>/var/kerberos/krb5kdc/kdc.conf. I think the timeout should be larger
>>than the (largest) second timeout - and I think retries=0 is best.
>>This is for communication between KDC and ipa-otpd.
>>
>>2.

Re: [Freeipa-users] Valid Sender ? - Re: ipa-otpd: timeout from kerberos when talking to an external 'slow' RADIUS server

2016-12-19 Thread Jochen Hein
Alexander Bokovoy writes:
> On Sun, 18 Dec 2016, Jochen Hein wrote:
> Ok. It would probably make sense to file a ticket to FreeIPA tracker to
> get these changes in FreeIPA 4.5.

I'm now fighting against my privacyidea server, but if I can test something more and am sure

Re: [Freeipa-users] Valid Sender ? - Re: ipa-otpd: timeout from kerberos when talking to an external 'slow' RADIUS server

2016-12-18 Thread Alexander Bokovoy
On Sun, 18 Dec 2016, Jochen Hein wrote:
Alexander Bokovoy writes:
So I've added the following to /var/kerberos/krb5kdc/kdc.conf and restarted kdc:
,
| [otp]
| DEFAULT = {
| timeout = 15
| retries = 0
| strip_realm = false
| }
`
After that I can use my

Re: [Freeipa-users] Valid Sender ? - Re: ipa-otpd: timeout from kerberos when talking to an external 'slow' RADIUS server

2016-12-18 Thread Jochen Hein
Alexander Bokovoy writes:
>>So I've added the following to /var/kerberos/krb5kdc/kdc.conf and restarted
>>kdc:
>>
>>,
>>| [otp]
>>| DEFAULT = {
>>| timeout = 15
>>| retries = 0
>>| strip_realm = false
>>| }
>>`
>>
>>After that I can use my OTP tokens without