TCP support for MIT Kerberos in HP-UX IA64

Vipul Mehta vipulmehta.1989 at gmail.com
Tue Apr 1 07:29:07 EDT 2014


Hi,

I am using an MIT Kerberos library build on the HP-UX IA64 platform but am
not able to get credentials from a keytab. The username-password case works fine.

The same method in my API to get credentials from a keytab works fine in library
builds for other platforms (win32, linux, aix).

On debugging I found that user-pass authentication passes as it completely
uses UDP.
Getting credentials from the keytab gives a KRB5KRB_ERR_RESPONSE_TOO_BIG error on
UDP, so it tries with TCP. But the TCP connection with the KDC fails, leading to
the "Cannot contact any KDC for realm" error.

I am using a Windows KDC here. I also tried with a different HP-UX machine and
a different KDC, but am facing the same problem.

When I set udp_preference_limit=1 in krb5.conf, obtaining user-pass credentials
also started failing, which proved that the library is having a problem
with the TCP connection.

The following link, which has the changes in the latest HP-UX Kerberos Client,
shows that they have somehow provided support for TCP:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT

It says: "Kerberos Client libraries can now use TCP to connect to KDC.
This may be necessary for the libraries to communicate with Microsoft KDCs
(domain controllers) if they issue tickets with excessive PAC data."

I can't use libraries provided by HP. I need to use my own build.
Is there any specific setting or build option that needs to be passed to
enable TCP support in MIT Kerberos for the HPUX-IA64 platform?

My configure command is as follows:
./configure CC=aCC CFLAGS="-D__hpux +DD64 -D_HPUX_API_LEVEL=20040821" \
    CPPFLAGS=+DD64 CXXFLAGS=+DD64

-- 
Regards,
Vipul
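
To tell a network or firewall problem apart from a library problem in the situation described above, TCP reachability of the KDC can be checked without libkrb5. This is an added example, not part of the original message and not MIT Kerberos code: a non-blocking connect with a timeout to the KDC's TCP port (88 by default). The name kdc_tcp_probe and the 5-second timeout are assumptions chosen for illustration.

```c
/* Added example: TCP reachability probe for a KDC, independent of libkrb5. */
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 if a TCP connection completes, otherwise an errno value
 * (EHOSTUNREACH if the name does not resolve, ETIMEDOUT on timeout). */
int kdc_tcp_probe(const char *host, const char *port, int timeout_sec)
{
    struct addrinfo hints, *res, *ai;
    int result = EHOSTUNREACH;
    memset(&hints, 0, sizeof(hints));        /* ai_family 0 == AF_UNSPEC */
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return result;
    for (ai = res; ai != NULL && result != 0; ai = ai->ai_next) {
        fd_set wfds;
        struct timeval tv;
        socklen_t len = sizeof(result);
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) { result = errno; continue; }
        fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
        FD_ZERO(&wfds); FD_SET(fd, &wfds);
        tv.tv_sec = timeout_sec; tv.tv_usec = 0;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            result = 0;                      /* connected immediately */
        else if (errno != EINPROGRESS)
            result = errno;                  /* refused, unreachable, ... */
        else if (select(fd + 1, NULL, &wfds, NULL, &tv) <= 0)
            result = ETIMEDOUT;              /* no answer in time (or select error) */
        else if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &result, &len) < 0)
            result = errno;                  /* SO_ERROR holds the connect outcome */
        close(fd);
    }
    freeaddrinfo(res);
    return result;
}

int main(int argc, char **argv)
{
    const char *port = argc > 2 ? argv[2] : "88";
    int rc = argc > 1 ? kdc_tcp_probe(argv[1], port, 5) : EINVAL;
    printf("tcp/%s: %s\n", port, rc ? strerror(rc) : "connected");
    return rc != 0;
}
```

Run it with the KDC host name as the first argument. A "connected" result means TCP port 88 is reachable from that host, which points back at the library build; a refusal or timeout points at the network path or the KDC.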

