Wells, Bruce wrote:

Hello All, I'm getting the above error when I try to get the initial ticket using kinit. The KDC is Windows 2003 and the client is running on Linux. My understanding of Kerberos and the KDC in particular is that if the KDC can't send the response back via UDP it will switch over to TCP. My question is this: Does the client need to programmatically take an action if it receives this error or will this be taken care of "under the hood"? Also, on the client side (Linux), is there a way to force the communication to occur using TCP?

Depends on the release of the Kerberos. MIT 1.2.x did not support TCP, 1.3.x does. It's a recent addition to Java as well. The libs will switch as needed.

The krb5.conf [libdefaults] udp_preference_limit = nnn
can be used to tell the client to use TCP if the message is over nnn
bytes. Setting to 1 in effect says try TCP first.

The problem is the ticket is large due to the PAC being included from AD.
(IIRC) W2003 servers have a lower cut over size than W2000 servers.


TIA, Bruce E. Wells


________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
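
An added illustration of the udp_preference_limit setting discussed in the reply above (not part of the original thread and not MIT's code): it reads the value from [libdefaults] in krb5.conf text and reports which transport is tried first for a request of a given size. Assumptions: the function names are hypothetical, the sample configs and realm are constructed, 1465 is the MIT krb5 documented default when the relation is unset, and only flat `key = value` relations are handled.

```python
import re

# MIT krb5 documented default when udp_preference_limit is not set (assumption
# for this example; older releases such as those in the thread may differ).
DEFAULT_UDP_PREFERENCE_LIMIT = 1465

# Constructed sample configs, not taken from the thread.
SAMPLE_DEFAULT = """
[libdefaults]
    default_realm = EXAMPLE.COM
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""
SAMPLE_TCP_FIRST = """
# force TCP first, as suggested in the reply
[libdefaults]
    default_realm = EXAMPLE.COM
    udp_preference_limit = 1
"""

def udp_preference_limit(conf_text):
    """Return the effective udp_preference_limit from krb5.conf text."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                            # e.g. [libdefaults], [realms]
            section = header.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "udp_preference_limit":
                return int(value)             # first occurrence is used here
    return DEFAULT_UDP_PREFERENCE_LIMIT

def transport_order(conf_text, request_size):
    """TCP is tried first only when the request is larger than the limit."""
    if request_size > udp_preference_limit(conf_text):
        return ["tcp", "udp"]
    return ["udp", "tcp"]

if __name__ == "__main__":
    for name, conf in (("default", SAMPLE_DEFAULT), ("limit=1", SAMPLE_TCP_FIRST)):
        print(name, udp_preference_limit(conf), transport_order(conf, 300))
```
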