How can I change the KDC timeout when using JBoss Negotiation?
Issue
We have given multiple AD instances in the configuration according to section 4.2.1. of the Negotiation User Guide.
What we experience is, that in the event of a primary AD failure (when we shut down the primary AD), failover takes a long time, and it tries to reach the primary AD repeatedly for every negotiation process. So basically the symptom is that when the primary AD is down, the negotiation process takes 1 or 2 minutes every time.
Our questions are:
1. Can we specify the connection timeout for the KDC, so that we can make the failover process faster?
2. How can we make SPNEGO always use the secondary KDC after an event of failure of the primary KDC, so it doesn't have to fail over during every negotiation request?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 5.x
- 6.x
- JBoss Negotiation
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
