Derek Ireland wrote:

On Tue, 03 Dec 2002 09:30:24 +0000, Varun Garg wrote:


I am using Kerberos JAAS authentication and I am getting an error for
some user IDs which have large tickets; basically, by default the
Java API is using UDP and the ticket exceeds the max size. Is it
possible to configure the API to use TCP and not UDP?

Thanks,

Varun

The SUN implementation does not support TCP. We (Wedgetail Communications)
implement Kerberos for Java and have had to implement TCP support to
get around this problem for some of our customers. This seems to
be a common problem when using the Windows 2000 KDC, due to MS putting
proprietary access control information into the tickets.

Derek

________________________________________________

One possible workaround for this problem is to disable the use of
"preauthentication" for those accounts. This will cause the Active
Directory KDC to NOT append the authorization data that bloats
the tickets. If the Kerberized services are not running in Windows,
this is probably OK as they would not be able to make use of the
PAC data anyway. Or if they are custom apps in Windows that
do not need to do the authorization checks based on the PAC field,
then that would also work.

-wyllys


________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
