Kerberos error 52 (0x34) when using kinit

Douglas E. Engert deengert at anl.gov
Fri Dec 10 09:57:19 EST 2004 


Wells, Bruce wrote:

> Hello All, 
> I'm getting the above error when I try to get the initial ticket 
> using kinit. The KDC is Windows 2003 and the client is running 
> on linux. My understanding of kerberos and the KDC in particular 
> is that if the KDC can't send the response back via UDP it will switch 
> over to TCP. My question is this: Does the client need to
> programmactically 
> take an action if it recieves this error or will this be taken care of
> "under 
> the hood"? Also the client side (linux), is there a way to force the
> communication 
> to occur using TCP? 

Depends on the release of the Kerberos. MIT 1.2.x did not support TCP,
1.3.x does. Its a recent addition to Java as well. Theylibs wil switch
as needed.

The krb5.conf [libdefaults] udp_preference_limit = nnn
can be used to tell the client to use TCP if the message is over nnn
bytes. Setting to 1 in effect says try TCP first.

The problem is the ticket is large due to the PAC being included from AD.
(IIRC) W2003 servers have a lower cut over size then W2000 servers.

> 
> TIA, 
> Bruce E. Wells 
> 
> ------------------------------------------------------------------------
> -------------------------
> -------------------------
> 
> CONFIDENTIALITY AND SECURITY NOTICE
> 
> This e-mail contains information that may be confidential and 
> proprietary. It is to be read and used solely by the intended
> recipient(s). 
> Citadel and its affiliates retain all proprietary rights they may have
> in the 
> information. If you are not an intended recipient, please notify us 
> immediately either by reply e-mail or by telephone at 312-395-2100 
> and delete this e-mail (including any attachments hereto) immediately 
> without reading, disseminating, distributing or copying. We cannot give 
> any assurances that this e-mail and any attachments are free of viruses 
> and other harmful code. Citadel reserves the right to monitor, intercept
> and block all communications involving its computer systems.
> 
> 
> 
> 
> 
> 
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list