[28007] in Kerberos

home help back first fref pref prev next nref lref last post

kinit: KRB5 error code 52 while getting initial credentials

daemon@ATHENA.MIT.EDU (Ron Bass II)
Wed Jul 4 13:57:06 2007

Message-ID: <BAY113-W209A35DCD874BCE5C19E0EDF030@phx.gbl>
From: Ron Bass II <rfbass16@hotmail.com>
To: <kerberos@mit.edu>
Date: Wed, 4 Jul 2007 17:56:56 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu


I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials 
 
So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data 
 
According to a number of forums, some inheriant limitations exist with the Solaris 8 version of Kerberos concerning the number of group memberships a user may have.  In my Active Directory, each user is a member of possibly many groups.  To confirm this, I created a simple user with only membership to "Domain Users" and was able to run kinit without issue.
Also, I seen a number of forums reporting that the native version of Kerberos in Solaris 8 does not support TCP.  Apparently by default, once the package size of a Kerberos ticket reaches a specified max, TCP should be used.
 
I have the following Kerberos packages loaded: SUNWk5pk        kernel Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx       kernel Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu        user Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux       user Kerberos V5 gss mechanism w/auth+privacy (64-bit) 
 
Are updated packages for Kerberos available for Solaris 8 environments that can handle support for Kerberos over TCP and having a large number of group memberships?
_________________________________________________________________
Local listings, incredible imagery, and driving directions - all in one place! Find it!
http://maps.live.com/?wip=69&FORM=MGAC01
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post