Re: kinit fails against W2k3 server
Martin Zielinski <mz@seh.de> writes:
> For historical reasons, the administrator is a member of lots of groups. As
> a result the ticket size is too big for UDP, so the W2k3-server sends a
> KRB5KRB_ERR_RESPONSE_TOO_BIG (Response too big for UDP, retry with TCP)
> error back to kinit.
>
> Unfortunately this case is not handled in lib/krb5/get_in_tck.c -
> krb5_get_in_cred(). Only the KRB5KDC_ERR_PREAUTH_REQUIRED error is
> handled.
Sorry for not responding earlier.
If you grab the latest heimdal-0.6-<date>.tar.gz snapshot, it will contain
code that supports falling back to TCP when UDP fails or the error
KRB5KRB_ERR_RESPONSE_TOO_BIG is returned.
If you don't want to upgrade, you can force TCP in krb5.conf:
[realms]
    MY.REALM = {
        kdc = tcp/my.first.kdc.my.realm
        kdc = tcp/my.second.kdc.my.realm
    }
Love
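The fallback decision discussed in this message, as an added example that is not part of the original mail and is not Heimdal's code: a bounds-checked walk over a UDP reply that extracts the KRB-ERROR error-code and reports whether the request should be retried over TCP. The function names and the sample bytes are constructed for illustration; the value 52 for KRB_ERR_RESPONSE_TOO_BIG is the one assigned in RFC 4120.

```c
#include <stddef.h>

#define KRB_ERR_RESPONSE_TOO_BIG 52        /* error code from RFC 4120 */

/* Constructed, trimmed KRB-ERROR: pvno=5, msg-type=30, susec=0, error-code=52 */
static const unsigned char sample_too_big[] = {
    0x7e,0x16, 0x30,0x14, 0xa0,0x03,0x02,0x01,0x05, 0xa1,0x03,0x02,0x01,0x1e,
    0xa5,0x03,0x02,0x01,0x00, 0xa6,0x03,0x02,0x01,0x34 };

/* Read one DER header; on success advance *p to the contents and set tag/len. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned *tag, size_t *len)
{
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t n = *q++;
    if (n & 0x80) {                        /* long-form length, at most 4 octets */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;  /* contents must fit in the buffer */
    *p = q; *len = n; return 0;
}

/* Return the error-code of a KRB-ERROR reply, or -1 if it is not a valid one. */
long krb_error_code(const unsigned char *buf, size_t buflen)
{
    const unsigned char *p = buf, *end = buf + buflen;
    unsigned tag; size_t len;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x7e) return -1; /* [APPLICATION 30] */
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30) return -1; /* SEQUENCE */
    for (end = p + len; p < end; p += len) {
        if (der_hdr(&p, end, &tag, &len)) return -1;
        if (tag != 0xa6) continue;         /* skip fields other than [6] error-code */
        if (der_hdr(&p, p + len, &tag, &len) || tag != 0x02) return -1;
        if (len < 1 || len > 4 || (p[0] & 0x80)) return -1; /* non-negative Int32 */
        long v = 0;
        while (len--) v = (v << 8) | *p++;
        return v;
    }
    return -1;
}

/* Hypothetical helper: non-zero when the UDP reply asks for a retry over TCP. */
int should_retry_over_tcp(const unsigned char *reply, size_t len)
{
    return krb_error_code(reply, len) == KRB_ERR_RESPONSE_TOO_BIG;
}
```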