TCP support for MIT Kerberos in HP-UX IA64
Mauricio Tavares
raubvogel at gmail.com
Tue Apr 1 12:33:31 EDT 2014
On Tue, Apr 1, 2014 at 7:29 AM, Vipul Mehta <vipulmehta.1989 at gmail.com> wrote:
> Hi,
>
> I am using mit kerberos library build in HP-UX IA64 platform but not able
> to get credentials from keytab. Username - password case works fine.
>
> Same method in my API to get credentials from keytab works fine in library
> build for other platforms( win32, linux, aix ).
>
> On debugging i found that user-pass authentication passes as it completely
> uses UDP.
> Getting credential from keytab gives KRB5KRB_ERR_RESPONSE_TOO_BIG error on
> UDP so it tries with TCP. But TCP connection with KDC fails leading to
> "Cannot contact any KDC for realm" error.
>
> I am using windows KDC here. Also tried with different HP-UX machine and
> different KDC. But facing same problem.
>
> When i set udp_preference_limit=1 in krb5.conf, then user-pass credential
> obtaining also started failing which proved that library is having problem
> with TCP connection.
>
> Following link which has changes in latest HP-UX Kerberos Client shows that
> they have somehow provided support for TCP:
> https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT
>
> It Says : "Kerberos Client libraries can now use TCP to connect to KDC.
> This may be necessary for the libraries to communicate with Microsoft KDCs
> (domain controllers) if they issue tickets with excessive PAC data."
>
> I can't use libraries provided by HP. I need to use my own build.
> Is there any specific setting or build option that needs to be passed to
> enable TCP support in mit kerberos for HPUX-IA64 platform ?
>
Is your Windows KDC (I take an AD server) offering TCP kerberos?
> My configure command is as following:
> ./configure CC=aCC CFLAGS="-D__hpux +DD64 -D_HPUX_API_LEVEL=20040821"
> CPPFLAGS=+DD64 CXXFLAGS=+DD64
>
> --
> Regards,
> Vipul
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list