MaxTokenSize is not a SEAM parameter. If the size of the token is too
large to fit in a single UDP datagram when PAC data is included, the KDC
switches to TCP.
I think Windows 2003 Server has a flag that can be set on the user principals
to force it to stop putting PAC data in the tickets for that user, which will
fix the problem.
For previous releases (Windows 2000 server), I *think* if you disable the use of pre-authentication for those users then that will also cause the AD KDC to stop issuing PAC data with those tickets.
-Wyllys
Tyson Oswald wrote:
So what is the MaxTokenSize in SEAM, I just got a formula from MS on what they use for 2003. Also we don't have this issue in SEAM for Solaris 8 so what's different?
thanks, Tyson Oswald
[EMAIL PROTECTED] wrote in message news:<[EMAIL PROTECTED]>...
SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP
Hooshang
Kerberos experts,
I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try they fail the login with the "KRB5 error code 52" error. I read that this has something to do with UDP packet size and to try TCP. Is there a way in SEAM to have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was hoping there was a configuration parameter in krb5.conf.
thanks, Tyson Oswald _______________________________________________
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
