krb5 "Error Code 52" - UDP packet size - TCP fallback

Uli Schröder uli.schroeder at
Tue Jun 10 11:07:35 EDT 2003

Hi all together! Hi Ken! 

> >> Yep, client-side TCP support wasn't in that release.  The
> >> upcoming release from MIT will include it.
> >
> > Is that already included in the snapshot or 1.3-beta versions on the

> > internet? Did MIT announce an estimated time for a release?
> Yes, it's been in the 1.3 code base for quite a while.  Since well 
> before we started the 1.3 branch, I believe.
> I don't know if we've announced a time for the release, so I'll just 
> say "Real Soon Now". :-)

:-) Ok! This can mean a lot if an IT professional talks about "Real Soon
In the meantime I'll try if the current snapshot can solve my problems.

> > I didn't have the time to experiment with different conditions. I 
> > just used a very simple test account and my own account to check the

> > functionality. Yet still I am indeed in different groups that lots 
> > of other people are in as well.
> That might do it.  Is your test account (which I assume is also having

> the problem) also in lots of groups?

The test account is just a domain user with no other group memberships.
A kinit for him works (almost properly). At least no obvious error
message on the console. Nevertheless in Ethereal I can see an error
message. It says "KRB5KDC_ERR_PREAUTH_REQUIRED". I guess after that
error packet kinit tries a second time, this time with
Is there a way to configure Kerberos to use preauthentication
Nevertheless if I do a kinit for my my normal account it fails with
error code 52. No change between krb5-1.2.7 and krb5-1.3. Maybe it's a
mistake by me while configuring and compiling the snapshot. The binaries
are created and "make check" works. Still it looks to me like "make
install" doesn't copy the configuration files (i.e. krb5.conf) anywhere.
I used my old config file and checked for correct paths.


More information about the Kerberos mailing list