TCP support for MIT Kerberos in HP-UX IA64

Vipul Mehta vipulmehta.1989 at gmail.com
Mon Apr 7 04:44:01 EDT 2014 

I've narrowed down the problem.

get_so_error() in sendto_kdc.c is returning error code 22 i.e. invalid
argument on getsockopt() call.

    e = getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen);

This happens in first call to get_so_error() from service_tcp_fd().

PS : I've windows KDC and MIT Kerberos version 1.11.1


On Tue, Apr 1, 2014 at 4:59 PM, Vipul Mehta <vipulmehta.1989 at gmail.com>wrote:

> Hi,
>
> I am using mit kerberos library build  in HP-UX IA64 platform but not able
> to get credentials from keytab. Username - password case works fine.
>
> Same method in my API  to get credentials from keytab works fine in
> library build for other platforms( win32, linux, aix ).
>
> On debugging i found that user-pass authentication passes as it completely
> uses UDP.
> Getting credential from keytab gives KRB5KRB_ERR_RESPONSE_TOO_BIG error on
> UDP so it tries with TCP. But TCP connection with KDC fails leading to
> "Cannot contact any KDC for realm" error.
>
> I am using windows KDC here. Also tried with different HP-UX machine and
> different KDC. But facing same problem.
>
> When i set udp_preference_limit=1 in krb5.conf, then user-pass credential
> obtaining also started failing which proved that library is having problem
> with TCP connection.
>
> Following link which has changes in latest HP-UX Kerberos Client shows
> that they have somehow provided support for TCP:
>
> https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT
>
> It Says : "Kerberos Client libraries can now use TCP to connect to KDC.
> This may be necessary for the libraries to communicate with Microsoft KDCs
> (domain controllers) if they issue tickets with excessive PAC data."
>
> I can't use libraries provided by HP. I need to use my own build.
> Is there any specific setting or build option that needs to be passed to
> enable TCP support in mit kerberos for HPUX-IA64 platform ?
>
> My configure command is as following:
> ./configure CC=aCC CFLAGS="-D__hpux +DD64 -D_HPUX_API_LEVEL=20040821"
> CPPFLAGS=+DD64 CXXFLAGS=+DD64
>
> --
> Regards,
> Vipul
>



-- 
Regards,
Vipul

More information about the Kerberos mailing list