kinit: KRB5 error code 52 while getting initial credentials

Ron Bass II rfbass16 at hotmail.com
Tue Jul 10 21:10:19 EDT 2007 

Thanks for the update Will.  I'll look into Solaris 10...> Date: Mon, 9 Jul 2007 15:43:48 -0500> From: William.Fiveash at sun.com> To: rfbass16 at hotmail.com> CC: kerberos at mit.edu> Subject: Re: kinit: KRB5 error code 52 while getting initial credentials> > On Wed, Jul 04, 2007 at 05:56:56PM +0000, Ron Bass II wrote:> > > > I'm getting the following error on a Solaris 8 machine: kinit: KRB5> > error code 52 while getting initial credentials > > > > So far my analysis shows this error to indicate the following: 0x34 -> > KRB_ERR_RESPONSE_TOO_BIG - Too much data > > > > According to a number of forums, some inheriant limitations exist with> > the Solaris 8 version of Kerberos concerning the number of group> > memberships a user may have. In my Active Directory, each user is a> > member of possibly many groups. To confirm this, I created a simple> > user with only membership to "Domain Users" and was able to run kinit> > without issue. Also, I seen a number of forums reporting that the> > native version of Kerberos in Solaris 8 does not support TCP.> > Apparently by default, once the package size of a Kerberos ticket> > reaches a specified max, TCP should be used.> > Support for TCP in Solaris Kerberos was introduced in Solaris 10.> > > I have the following Kerberos packages loaded: SUNWk5pk kernel> > Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel> > Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu user> > Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux user> > Kerberos V5 gss mechanism w/auth+privacy (64-bit) > > > > Are updated packages for Kerberos available for Solaris 8 environments> > that can handle support for Kerberos over TCP and having a large> > number of group memberships?> > There are no Solaris 8 packages to provide Kerberos over TCP at this> point. If you have a customer service agreement you can make a request> through your Sun service rep. for TCP/Kerberos support in Solaris 8.> There is no guarantee that Sun will do this as there are costs to doing> this and this support is available in Solaris 10. In fact Solaris 10> has a number of Kerberos improvements that make interop with a MS AD> easier.> > -- > Will Fiveash> Sun Microsystems Inc.> Austin, TX, USA (TZ=CST6CDT)
_________________________________________________________________
See what you’re getting into…before you go there.
http://newlivehotmail.com

More information about the Kerberos mailing list