[28007] in Kerberos
kinit: KRB5 error code 52 while getting initial credentials
daemon@ATHENA.MIT.EDU (Ron Bass II)
Wed Jul 4 13:57:06 2007
Message-ID: <BAY113-W209A35DCD874BCE5C19E0EDF030@phx.gbl>
From: Ron Bass II <rfbass16@hotmail.com>
To: <kerberos@mit.edu>
Date: Wed, 4 Jul 2007 17:56:56 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials
So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data
According to a number of forums, some inheriant limitations exist with the Solaris 8 version of Kerberos concerning the number of group memberships a user may have. In my Active Directory, each user is a member of possibly many groups. To confirm this, I created a simple user with only membership to "Domain Users" and was able to run kinit without issue.
Also, I seen a number of forums reporting that the native version of Kerberos in Solaris 8 does not support TCP. Apparently by default, once the package size of a Kerberos ticket reaches a specified max, TCP should be used.
I have the following Kerberos packages loaded: SUNWk5pk kernel Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu user Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux user Kerberos V5 gss mechanism w/auth+privacy (64-bit)
Are updated packages for Kerberos available for Solaris 8 environments that can handle support for Kerberos over TCP and having a large number of group memberships?
_________________________________________________________________
Local listings, incredible imagery, and driving directions - all in one place! Find it!
http://maps.live.com/?wip=69&FORM=MGAC01
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos