[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

kinit fails against W2k3 server

Hello list,

We have a huge network with a distributed AD domain.
We're using heimdal (0.6.3) kinit + the Samba net command to join the Linux 
machines to the domain.

For historical reasons, the administrator is member in lots of groups. As a 
result the ticket size is too big for UDB, so the W2k3-server sends an 
KRB5KRB_ERR_RESPONSE_TOO_BIG (Response too big for UDP, retry with TCP) error 
back to kinit.

Unfortunatly this case is not handled in lib/krb5/get_in_tck.c - 
krb5_get_in_cred(). Only the KRB5KDC_ERR_PREAUTH_REQUIRED error is handled.

According to what i've found under
, kinit should resend its request using TCP instead of UDP.

BTW, MIT-kinit behaves this way, 8but causes several other troubles later on).

I'm new to this code, so I've no idea how to manipulate the proto property for 
the second try.

Thanks a lot for any help !

- Martin

Martin Zielinski                       mz@seh.de
Software Development
SEH Computertechnik GmbH     www.seh.de