How can I change the KDC timeout when using JBoss Negotiation?

Solution Verified - Updated -

Issue

We have given multiple AD instances in the configuration according to section 4.2.1. of the Negotiation User Guide.

What we experience is, that in the event of a primary AD failure (when we shut down the primary AD), failover takes a long time, and it tries to reach the primary AD repeatedly for every negotiation process. So basically the symptom is that when the primary AD is down, the negotiation process takes 1 or 2 minutes every time.

Our questions are:
1. Can we specify the connection timeout for the KDC, so that we can make the failover process faster?
2. How can we make SPNEGO always use the secondary KDC after an event of failure of the primary KDC, so it doesn't have to fail over during every negotiation request?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5.x
    • 6.x
  • JBoss Negotiation

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.