kinit fails against active directory 2003-sp2 when user has > ~35 groups
Russ Allbery
rra at stanford.edu
Mon Feb 5 14:04:22 EST 2007
Jeff Saxton <jeff.saxton at sensage.com> writes:
> I am seeing kinit fail against M$ Active directory when the
> user has > ~35 group memberships. anyone else seen this?
> kinit(v5): ASN.1 encoding ended unexpectedly while getting initial credentials
> when the number of group memberships are reduced to < 20 it works!
You need a kinit that can fall back to TCP for long responses. Current
versions of MIT Kerberos should do this.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list