diff --git a/k8s/kerberos-config.yaml b/k8s/kerberos-config.yaml
index e449e38..786f28c 100644
--- a/k8s/kerberos-config.yaml
+++ b/k8s/kerberos-config.yaml
@@ -1,4 +1,4 @@
-#wget https://gitlab.corp.redhat.com/it-iam/system-configs/raw/master/krb5/idm/linux-krb5.conf && oc create configmap kerberos-config --from-file=linux-krb5.conf --dry-run=client -o yaml > kerberos-config.yaml
+#oc create configmap kerberos-config --from-file=linux-krb5.conf --dry-run=client -o yaml > kerberos-config.yaml
 apiVersion: v1
 data:
   linux-krb5.conf: |
@@ -15,8 +15,10 @@ data:
     dns_canonicalize_hostname = false
     ticket_lifetime = 24h
     forwardable = true
-    udp_preference_limit = 0
+    udp_preference_limit = 1
     default_ccache_name = KEYRING:persistent:%{uid}
+    max_retries = 1
+    kdc_timeout = 1500
     [realms]
@@ -34,7 +36,6 @@ data:
     auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
     auth_to_local = DEFAULT
     }
-    #DO NOT ADD A [domain_realms] section
     #https://mojo.redhat.com/docs/DOC-1166841
 kind: ConfigMap
diff --git a/k8s/linux-krb5.conf b/k8s/linux-krb5.conf
new file mode 100644
index 0000000..701d438
--- /dev/null
+++ b/k8s/linux-krb5.conf
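Review bot: The rewritten comment line documents only the `oc create configmap` command and now silently depends on a `linux-krb5.conf` next to it, and since this same commit adds `k8s/linux-krb5.conf` with the same content, the `data:` block below becomes a second copy of the config that can drift from the file (the third hunk of this diff already drops a comment line that the standalone file keeps). State the relationship where the command is, e.g. `# Generated from ./linux-krb5.conf — edit that file and re-run the command below; do not hand-edit the data block.` A reviewer then knows which copy is authoritative when the two disagree.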
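Review bot: The three new `[libdefaults]` values carry no rationale, and they interact: `udp_preference_limit = 1` makes libkrb5 try TCP first for essentially every KDC message, and as I read the MIT krb5.conf manual `max_retries` only counts UDP retries, so `max_retries = 1` is probably inert once UDP is effectively disabled. `kdc_timeout = 1500` bounds each KDC attempt at 1.5 s; with `dns_lookup_kdc = true` the client moves on to the next KDC from DNS after that, which is fine on a fast corporate network but will show up as sporadic authentication failures from a pod on a slow or lossy link, so the number deserves a justification. Add a short why-comment above the changed line, e.g. `# Force TCP to the KDC (avoids UDP truncation of large PAC-bearing tickets); fail over to the next KDC after 1.5 s`, and either drop `max_retries` or note that it governs UDP only.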
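Review bot: Removing only the `#DO NOT ADD A [domain_realms] section` line leaves `#https://mojo.redhat.com/docs/DOC-1166841` behind as a bare URL with nothing saying what it documents, and the newly added `k8s/linux-krb5.conf` in this same commit still carries both lines, so the ConfigMap no longer matches the file it is meant to be generated from. Either regenerate the `data:` block from that file (which restores the line) or remove both comment lines together so the two copies agree. If the warning is kept, note that the section MIT krb5 actually reads is `[domain_realm]` (singular), so `#DO NOT ADD A [domain_realm] section` is the name a maintainer would grep for.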
@@ -0,0 +1,36 @@
+includedir /etc/krb5.conf.d/
+
+# depending on your config, you may wish to uncomment the following:
+# includedir /var/lib/sss/pubconf/krb5.include.d/
+
+[libdefaults]
+    default_realm = IPA.REDHAT.COM
+    dns_lookup_realm = true
+    dns_lookup_kdc = true
+    rdns = false
+    dns_canonicalize_hostname = false
+    ticket_lifetime = 24h
+    forwardable = true
+    udp_preference_limit = 1
+    default_ccache_name = KEYRING:persistent:%{uid}
+    max_retries = 1
+    kdc_timeout = 1500
+
+[realms]
+
+    REDHAT.COM = {
+        default_domain = redhat.com
+        dns_lookup_kdc = true
+        master_kdc = kerberos.corp.redhat.com
+        admin_server = kerberos.corp.redhat.com
+    }
+
+    IPA.REDHAT.COM = {
+        default_domain = ipa.redhat.com
+        dns_lookup_kdc = true
+        # Trust tickets issued by legacy realm on this host
+        auth_to_local = RULE:[1:$1@$0](.*@REDHAT\.COM)s/@.*//
+        auth_to_local = DEFAULT
+    }
+#DO NOT ADD A [domain_realms] section
+#https://mojo.redhat.com/docs/DOC-1166841
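Review bot: The `auth_to_local` rule in the `IPA.REDHAT.COM` realm maps every single-component `REDHAT.COM` principal onto the local account of the same name (`alice@REDHAT.COM` and `alice@IPA.REDHAT.COM` both become `alice`), which is a cross-realm identity-equivalence decision that the one-line `# Trust tickets issued by legacy realm on this host` comment does not spell out. Expand that comment to state the consequence and the assumption it rests on: that a username in the legacy realm is trusted to denote the same person as in IPA, and that multi-component principals (service principals) from `REDHAT.COM` are not matched by the `[1:...]` rule and fall through to `DEFAULT`, which as I read MIT's rule evaluation does not map principals outside the default realm. "on this host" also reads oddly in a file that this commit ships into pods through a ConfigMap; say which consumers (sssd, the application, both) actually evaluate the mapping. Separately, the trailing comment names `[domain_realms]`, but the section MIT krb5 reads is `[domain_realm]`, so `#DO NOT ADD A [domain_realm] section` is the name to warn about.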