KRB5 error code 52
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Oct 7 14:31:19 EDT 2004
MaxTokenSize is not a SEAM parameter. If the size of the token is too
large to fit in a single UDP datagram when PAC data is included, the KDC
switches to TCP.
I think Windows 2003 Server has a flag that can be set on the user
principals
to force it to stop putting PAC data in the tickets for that user, which
will
fix the problem.
For previous releases (Windows 2000 server), I *think* if you disable
the use of pre-authentication for those users then that will also cause the
AD KDC to stop issuing PAC data with those tickets.
-Wyllys
Tyson Oswald wrote:
>So what is the MaxTokenSize in SEAM, I just got a formula from MS on
>what they use for 2003. Also we don't have this issue in SEAM for
>Solaris 8 so what's different?
>
>thanks,
>Tyson Oswald
>
>h.dadgari at comcast.net wrote in message news:<100520041836.10730.4162E9A70001ACE5000029EA2200750784079D0E090B0E0BD208 at comcast.net>...
>
>
>>SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP
>>
>>Hooshang
>>
>>
>>
>>
>>>Kerberos experts,
>>>
>>>I am using SEAM 1.01 on Solaris 9 and am authenticating to AD. When others try
>>>they fail the login with the "KRB5 error code 52" error. I read that this has
>>>something to do with UDP packet size and to try TCP. Is there a way in SEAM to
>>>have it use TCP rather then UDP, or to try UDP then TCP is that fails? I was
>>>hoping there was a configuration parameter in krb5.conf.
>>>
>>>thanks,
>>>Tyson Oswald
>>>_______________________________________________
>>>
More information about the Kerberos
mailing list