TCP / DNS lookup Support for KPASSWD
tstecher at isilon.com
Wed Feb 1 18:20:56 EST 2006
Been a long time since I spoke with you guys, hope all is well.
A client running Samba to integrate into a Windows realm is using 1.4.1
of the MIT distribution.
In their testing with a principal who is a member of a large number of
groups (large PAC), the KPASSWD client is trying UDP 2 times, and
failing with KRB5KRB_ERR_RESPONSE_TOO_BIG. However, it is never trying
TCP - my reading of the code in changepw.c indicates that even when a
DNS SRV record for _kpasswd exists, TCP will never try to connect.
Note that krb5.conf doesn't have any static kpasswd information
registered in it.
I'm considering "fixing" this for them in code after I verify my
findings in a debugger - is this something which is already enabled in
some beta somewhere?
More information about the krbdev