[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KRB5KRB_ERR_RESPONSE_TOO_BIG




Dave Snoopy <kingsnoopy7@yahoo.com> writes:

> When I perform a kinit against my Windows 2003 domain
> controller as Administrator, I get this error back (I
> see it on the network):
> KRB5KRB_ERR_RESPONSE_TOO_BIG

Both the number of groups that user is member of (Administrators, etc) and
the number of addesses that are added to the ticket might cause it to
because larger the what the microsoft kdc think its large and then return
KRB5KRB_ERR_RESPONSE_TOO_BIG.

Using TCP solves the problem however the error code was never caught when
using UDP, so TCP was never tried. A workaround is to force the client to
always use TCP.

[realms]
        MY.REALM = {
                 kdc = tcp/my.first.kdc
                 kdc = tcp/my.second.kdc
	}

The problem is fixed in current heimdal (not the 0.6 release branch).

Love

PGP signature