kinit: KRB5 error code 52 while getting initial credentials - Kerberos

This is a discussion on kinit: KRB5 error code 52 while getting initial credentials - Kerberos ; I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data According to a ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: kinit: KRB5 error code 52 while getting initial credentials

  1. kinit: KRB5 error code 52 while getting initial credentials


    I'm getting the following error on a Solaris 8 machine: kinit: KRB5 error code 52 while getting initial credentials

    So far my analysis shows this error to indicate the following: 0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much data

    According to a number of forums, some inheriant limitations exist with the Solaris 8 version of Kerberos concerning the number of group memberships a user may have. In my Active Directory, each user is a member of possibly many groups. To confirm this, I created a simple user with only membership to "Domain Users" and was able to run kinit without issue.
    Also, I seen a number of forums reporting that the native version of Kerberos in Solaris 8 does not support TCP. Apparently by default, once the package size of a Kerberos ticket reaches a specified max, TCP should be used.

    I have the following Kerberos packages loaded: SUNWk5pk kernel Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu user Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux user Kerberos V5 gss mechanism w/auth+privacy (64-bit)

    Are updated packages for Kerberos available for Solaris 8 environments that can handle support for Kerberos over TCP and having a large number of group memberships?
    __________________________________________________ _______________
    Local listings, incredible imagery, and driving directions - all in one place! Find it!
    http://maps.live.com/?wip=69&FORM=MGAC01
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: kinit: KRB5 error code 52 while getting initial credentials

    On Wed, Jul 04, 2007 at 05:56:56PM +0000, Ron Bass II wrote:
    >
    > I'm getting the following error on a Solaris 8 machine: kinit: KRB5
    > error code 52 while getting initial credentials
    >
    > So far my analysis shows this error to indicate the following: 0x34 -
    > KRB_ERR_RESPONSE_TOO_BIG - Too much data
    >
    > According to a number of forums, some inheriant limitations exist with
    > the Solaris 8 version of Kerberos concerning the number of group
    > memberships a user may have. In my Active Directory, each user is a
    > member of possibly many groups. To confirm this, I created a simple
    > user with only membership to "Domain Users" and was able to run kinit
    > without issue. Also, I seen a number of forums reporting that the
    > native version of Kerberos in Solaris 8 does not support TCP.
    > Apparently by default, once the package size of a Kerberos ticket
    > reaches a specified max, TCP should be used.


    Support for TCP in Solaris Kerberos was introduced in Solaris 10.

    > I have the following Kerberos packages loaded: SUNWk5pk kernel
    > Kerberos V5 plug-in w/auth+privacy (32-bit) SUNWk5pkx kernel
    > Kerberos V5 plug-in w/auth+privacy (64-bit) SUNWk5pu user
    > Kerberos V5 gss mechanism w/auth+privacy (32-bit) SUNWk5pux user
    > Kerberos V5 gss mechanism w/auth+privacy (64-bit)
    >
    > Are updated packages for Kerberos available for Solaris 8 environments
    > that can handle support for Kerberos over TCP and having a large
    > number of group memberships?


    There are no Solaris 8 packages to provide Kerberos over TCP at this
    point. If you have a customer service agreement you can make a request
    through your Sun service rep. for TCP/Kerberos support in Solaris 8.
    There is no guarantee that Sun will do this as there are costs to doing
    this and this support is available in Solaris 10. In fact Solaris 10
    has a number of Kerberos improvements that make interop with a MS AD
    easier.

    --
    Will Fiveash
    Sun Microsystems Inc.
    Austin, TX, USA (TZ=CST6CDT)

+ Reply to Thread