How can you identify and resolve a network timeout in Kerberos authentication for the Rational Team Concert Client?
By default Kerberos authentication for Rational Team Concert clients will work on UDP port 88. If that fails it will fail over to TCP port 88. If a firewall does not allow the UDP connection on port 88, or if the Kerberos server has been configured to only allow TCP,
|
One answer
|
If krb5.conf on the server has this setting, then UDP port 88 will not work and the same setting needs to be in the .conf or .ini file on the client:
udp_preference_limit = 1 In order to identify whether this is the problem, capture standard output from the client to a file (eclipse.exe > stdout.log), then check that file for occurrences of "timeout" or "UDP:88". This pattern may emerge: [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcAccessibility: reset [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcComm send: kdc=kerberos.example.com UDP:88, timeout=30000, number of retries =3, #bytes=2871 [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication: kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =1, #bytes=2871 [KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 1 [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication: kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =2, #bytes=2871 [KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 2 [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication: kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =3, #bytes=2871 [KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 3 [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication: kdc=kerberos.example.com TCP:88, timeout=30000,Attempt =1, #bytes=2871 [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcComm send: #bytes read=2926 [KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcAccessibility: remove kerberos.example.com This shows that UDP port 88 was attempted three times before a successful connection was made on TCP port 88. |