krb5 "Error Code 52" - UDP packet size - TCP fallback

Ken Raeburn raeburn at MIT.EDU
Fri Jun 6 16:11:15 EDT 2003

> When I run kinit for my testuser it works fine. The testuser ist just a 
> member of the domain with read access to the directory. No other groups 
> or permissions. When I try to do a kinit for my own account with all its 
> group memberships, etc., I just get the error code 52. I read on the 
> internet that this is because the Windows 2000 server switches from UDP 
> to TCP if the maximum packet size is exceeded. I think this happens with 
> all my "normal" users.

Yep, client-side TCP support wasn't in that release.  The upcoming
release from MIT will include it.

> It seems like a lot of people managed to authenticate against AD. 
> Maybesomeone can help me with this problem and tell me how he solved it.

Do you define a very large number of groups for access control that
lots of people are in?  That's how we set my account up to fail in the
UDP-only case, for testing purposes...


More information about the Kerberos mailing list