Kerberos error 52 (0x34) when using kinit

Wells, Bruce Bruce.Wells at citadelgroup.com
Fri Dec 10 12:45:53 EST 2004 

Hello Douglas,
Thanx for the response. I'll get the latest version from MIT and try
again.

Regards,
Bruce. 

-----Original Message-----
From: Douglas E. Engert [mailto:deengert at anl.gov] 
Sent: Friday, December 10, 2004 8:57 AM
To: Wells, Bruce
Cc: kerberos at mit.edu
Subject: Re: Kerberos error 52 (0x34) when using kinit



Wells, Bruce wrote:

> Hello All,
> I'm getting the above error when I try to get the initial ticket using

> kinit. The KDC is Windows 2003 and the client is running on linux. My 
> understanding of kerberos and the KDC in particular is that if the KDC

> can't send the response back via UDP it will switch over to TCP. My 
> question is this: Does the client need to programmactically take an 
> action if it recieves this error or will this be taken care of "under 
> the hood"? Also the client side (linux), is there a way to force the 
> communication to occur using TCP?

Depends on the release of the Kerberos. MIT 1.2.x did not support TCP,
1.3.x does. Its a recent addition to Java as well. Theylibs wil switch
as needed.

The krb5.conf [libdefaults] udp_preference_limit = nnn can be used to
tell the client to use TCP if the message is over nnn bytes. Setting to
1 in effect says try TCP first.

The problem is the ticket is large due to the PAC being included from
AD.
(IIRC) W2003 servers have a lower cut over size then W2000 servers.

> 
> TIA,
> Bruce E. Wells
> 
> ----------------------------------------------------------------------
> --
> -------------------------
> -------------------------
> 
> CONFIDENTIALITY AND SECURITY NOTICE
> 
> This e-mail contains information that may be confidential and 
> proprietary. It is to be read and used solely by the intended 
> recipient(s).
> Citadel and its affiliates retain all proprietary rights they may have

> in the information. If you are not an intended recipient, please 
> notify us immediately either by reply e-mail or by telephone at 
> 312-395-2100 and delete this e-mail (including any attachments hereto)

> immediately without reading, disseminating, distributing or copying. 
> We cannot give any assurances that this e-mail and any attachments are

> free of viruses and other harmful code. Citadel reserves the right to 
> monitor, intercept and block all communications involving its computer

> systems.
> 
> 
> 
> 
> 
> 
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
-------------------------------------------------------------------------------------------------
-------------------------

CONFIDENTIALITY AND SECURITY NOTICE

This e-mail contains information that may be confidential and 
proprietary. It is to be read and used solely by the intended recipient(s). 
Citadel and its affiliates retain all proprietary rights they may have in the 
information. If you are not an intended recipient, please notify us 
immediately either by reply e-mail or by telephone at 312-395-2100 
and delete this e-mail (including any attachments hereto) immediately 
without reading, disseminating, distributing or copying. We cannot give 
any assurances that this e-mail and any attachments are free of viruses 
and other harmful code. Citadel reserves the right to monitor, intercept 
and block all communications involving its computer systems.

More information about the Kerberos mailing list