Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 662 Before we commit to changing the default or making it configurable, I would like to know what version of Kerberos is being used on the back end. Prior to release 1.9, the LDAP KDB module takes O(N^2) time to iterate over N principals due to a combination of questionable design features. It is possible that retrieving even a hundred thousand principal names could be done in less than 120 seconds without this bug. If we do need to make a change, I would suggest using a very long timeout or (if possible) disable the timeout entirely. Since kadmin runs over TCP, there isn't really a strong need to time out if kadmind takes a long time to respond.