[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
kinit fails against W2k3 server
We have a huge network with a distributed AD domain.
We're using heimdal (0.6.3) kinit + the Samba net command to join the Linux
machines to the domain.
For historical reasons, the administrator is member in lots of groups. As a
result the ticket size is too big for UDB, so the W2k3-server sends an
KRB5KRB_ERR_RESPONSE_TOO_BIG (Response too big for UDP, retry with TCP) error
back to kinit.
Unfortunatly this case is not handled in lib/krb5/get_in_tck.c -
krb5_get_in_cred(). Only the KRB5KDC_ERR_PREAUTH_REQUIRED error is handled.
According to what i've found under
, kinit should resend its request using TCP instead of UDP.
BTW, MIT-kinit behaves this way, 8but causes several other troubles later on).
I'm new to this code, so I've no idea how to manipulate the proto property for
the second try.
Thanks a lot for any help !
Martin Zielinski firstname.lastname@example.org
SEH Computertechnik GmbH www.seh.de