#4725 Prefer TCP Kerberos on clients
Closed: Fixed None Opened 6 years ago by npmccallum.

TCP is overall a better fit for IPA. But with OTP using UDP is likely to cause timeouts, spurious failures and lockouts. FreeIPA should default to using TCP first and fall back to using UDP.


Yes, ipa-client-install should update krb5.conf on the client to prefer TCP.

The original closed SSSD ticket that started this effort: https://fedorahosted.org/sssd/ticket/914

master:

  • 7ad9f5d Prefer TCP connections to UDP in krb5 clients

ipa-4-1:

  • d73ed48 Prefer TCP connections to UDP in krb5 clients

Metadata Update from @npmccallum:
- Issue assigned to npmccallum
- Issue set to the milestone: FreeIPA 4.1.3

4 years ago

Login to comment on this ticket.

Metadata