[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit fails against W2k3 server

Martin Zielinski <mz@seh.de> writes:

> For historical reasons, the administrator is member in lots of groups. As
> a result the ticket size is too big for UDB, so the W2k3-server sends an
> KRB5KRB_ERR_RESPONSE_TOO_BIG (Response too big for UDP, retry with TCP)
> error back to kinit.
> Unfortunatly this case is not handled in lib/krb5/get_in_tck.c -
> krb5_get_in_cred(). Only the KRB5KDC_ERR_PREAUTH_REQUIRED error is
> handled.

Sorry for not responding eailer,

If you grap the latest heimdal-0.6-<date>.tar.gz snapshot it will contains
code that support falling back to TCP when UDP failes or the error

If you don't want to upgrade you can force tcp in krb5.conf

        MY.REALM = {
                 kdc = tcp/my.first.kdc.my.realm
                 kdc = tcp/my.second.kdc.my.realm


PGP signature