How can you identify and resolve a network timeout in Kerberos authentication for the Rational Team Concert Client?
One answer
If krb5.conf on the server has this setting, then UDP port 88 will not work and the same setting needs to be in the .conf or .ini file on the client:
udp_preference_limit = 1
In order to identify whether this is the problem, capture standard output from the client to a file (eclipse.exe > stdout.log), then check that file for occurrences of "timeout" or "UDP:88". This pattern may emerge:
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcAccessibility: reset
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcComm send:
kdc=kerberos.example.com UDP:88, timeout=30000, number of retries =3,
#bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 1
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =2, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 2
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =3, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 3
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com TCP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcComm send: #bytes read=2926
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcAccessibility: remove
kerberos.example.com
This shows that UDP port 88 was attempted three times before a successful connection was made on TCP port 88.
udp_preference_limit = 1
In order to identify whether this is the problem, capture standard output from the client to a file (eclipse.exe > stdout.log), then check that file for occurrences of "timeout" or "UDP:88". This pattern may emerge:
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcAccessibility: reset
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcComm send:
kdc=kerberos.example.com UDP:88, timeout=30000, number of retries =3,
#bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 1
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =2, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 2
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com UDP:88, timeout=30000,Attempt =3, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: IOException with attempt: 3
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcCommunication:
kdc=kerberos.example.com TCP:88, timeout=30000,Attempt =1, #bytes=2871
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcComm send: #bytes read=2926
[KRB_DBG_KDC] KdcComm:Worker-0: >>> KdcAccessibility: remove
kerberos.example.com
This shows that UDP port 88 was attempted three times before a successful connection was made on TCP port 88.