KRB5 error code 52

Wyllys Ingersoll wyllys.ingersoll at
Thu Oct 7 14:31:19 EDT 2004

MaxTokenSize is not a SEAM parameter.     If the size of the token is too
large to fit in a single UDP datagram when PAC data is included,  the KDC
switches to TCP.   

I think Windows 2003 Server  has a flag that can be set on the user 
to force it to stop putting PAC data in the tickets for that user, which 
fix the problem.

For previous releases (Windows 2000 server), I *think* if you disable
the use of pre-authentication for those users then that will also cause the
AD KDC to stop issuing PAC data with those tickets.


Tyson Oswald wrote:

>So what is the MaxTokenSize in SEAM, I just got a formula from MS on
>what they use for 2003.  Also we don't have this issue in SEAM for
>Solaris 8 so what's different?
>Tyson Oswald
>h.dadgari at wrote in message news:<100520041836.10730.4162E9A70001ACE5000029EA2200750784079D0E090B0E0BD208 at>...
>>SEAM 1.01 doesn't support TCP, later version on Solaris 10 support TCP
>>>Kerberos experts,
>>>I am using SEAM 1.01 on Solaris 9 and am authenticating to AD.  When others try 
>>>they fail the login with the "KRB5 error code 52" error.  I read that this has 
>>>something to do with UDP packet size and to try TCP.  Is there a way in SEAM to 
>>>have it use TCP rather then UDP, or to try UDP then TCP is that fails?  I was 
>>>hoping there was a configuration parameter in krb5.conf.
>>>Tyson Oswald

More information about the Kerberos mailing list