Dejmek Pavel
2024-08-04 12:45:38 UTC
We have been testing integration between linux servers(rhel) and
Windows active directory + MFA solution from Silverfort.
Linux servers(rhel 9.4) are using sssd + kerberos 1.21.1.
When user wants to login to linux, kerberos client running on linux
successfully open TCP session towards windows server and send request.
Due to MFA implementation it takes some time until response is send
back. User has to find his phone, unlock it, find push notification,
We discovered that kerberos clients retries to send request after 10sec
and unfortunately it means that another MFA request is sent.
Is there any way howto extend this period(10sec to 60sec)?
I have found one commit which can fix this issue, it is #9105 "Wait
indefinitely on KDC TCP connections"
Is there any plan to include this commit in future release?
Thank you for your help
Pavel Dejmek
