krb5 "Error Code 52" - UDP packet size - TCP fallback
raeburn at MIT.EDU
Fri Jun 6 16:11:15 EDT 2003
> When I run kinit for my testuser it works fine. The testuser ist just a
> member of the domain with read access to the directory. No other groups
> or permissions. When I try to do a kinit for my own account with all its
> group memberships, etc., I just get the error code 52. I read on the
> internet that this is because the Windows 2000 server switches from UDP
> to TCP if the maximum packet size is exceeded. I think this happens with
> all my "normal" users.
Yep, client-side TCP support wasn't in that release. The upcoming
release from MIT will include it.
> It seems like a lot of people managed to authenticate against AD.
> Maybesomeone can help me with this problem and tell me how he solved it.
Do you define a very large number of groups for access control that
lots of people are in? That's how we set my account up to fail in the
UDP-only case, for testing purposes...
More information about the Kerberos