Hello Douglas, Thanx for the response. I'll get the latest version from MIT and try again.
Regards, Bruce. -----Original Message----- From: Douglas E. Engert [mailto:[EMAIL PROTECTED] Sent: Friday, December 10, 2004 8:57 AM To: Wells, Bruce Cc: [EMAIL PROTECTED] Subject: Re: Kerberos error 52 (0x34) when using kinit Wells, Bruce wrote: > Hello All, > I'm getting the above error when I try to get the initial ticket using > kinit. The KDC is Windows 2003 and the client is running on linux. My > understanding of kerberos and the KDC in particular is that if the KDC > can't send the response back via UDP it will switch over to TCP. My > question is this: Does the client need to programmactically take an > action if it recieves this error or will this be taken care of "under > the hood"? Also the client side (linux), is there a way to force the > communication to occur using TCP? Depends on the release of the Kerberos. MIT 1.2.x did not support TCP, 1.3.x does. Its a recent addition to Java as well. Theylibs wil switch as needed. The krb5.conf [libdefaults] udp_preference_limit = nnn can be used to tell the client to use TCP if the message is over nnn bytes. Setting to 1 in effect says try TCP first. The problem is the ticket is large due to the PAC being included from AD. (IIRC) W2003 servers have a lower cut over size then W2000 servers. > > TIA, > Bruce E. Wells > > ---------------------------------------------------------------------- > -- > ------------------------- > ------------------------- > > CONFIDENTIALITY AND SECURITY NOTICE > > This e-mail contains information that may be confidential and > proprietary. It is to be read and used solely by the intended > recipient(s). > Citadel and its affiliates retain all proprietary rights they may have > in the information. If you are not an intended recipient, please > notify us immediately either by reply e-mail or by telephone at > 312-395-2100 and delete this e-mail (including any attachments hereto) > immediately without reading, disseminating, distributing or copying. > We cannot give any assurances that this e-mail and any attachments are > free of viruses and other harmful code. Citadel reserves the right to > monitor, intercept and block all communications involving its computer > systems. > > > > > > > > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ------------------------------------------------------------------------------------------------- ------------------------- CONFIDENTIALITY AND SECURITY NOTICE This e-mail contains information that may be confidential and proprietary. It is to be read and used solely by the intended recipient(s). Citadel and its affiliates retain all proprietary rights they may have in the information. If you are not an intended recipient, please notify us immediately either by reply e-mail or by telephone at 312-395-2100 and delete this e-mail (including any attachments hereto) immediately without reading, disseminating, distributing or copying. We cannot give any assurances that this e-mail and any attachments are free of viruses and other harmful code. Citadel reserves the right to monitor, intercept and block all communications involving its computer systems. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
