[19401] in Kerberos
Re: krb5 "Error Code 52" - UDP packet size - TCP fallback
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Uli_Schr=F6der?=)
Wed Jun 11 12:07:48 2003
From: =?iso-8859-1?Q?Uli_Schr=F6der?= <zuhause@ulischroeder.com>
To: <raeburn@mit.edu>
Date: Wed, 11 Jun 2003 18:07:25 +0200
Message-ID: <000001c33033$8d1031e0$01c7a8c0@merkur>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
"Ken Raeburn" <raeburn@mit.edu> schrieb im Newsbeitrag
news:tx1of15se7f.fsf@mit.edu...
> ...
> > Nevertheless if I do a kinit for my my normal account it fails with
> > error code 52. No change between krb5-1.2.7 and krb5-1.3.
>
> Is it saying "KRB5 error code 52" exactly? That shouldn't be in the
> source code for the 1.3 snapshot. The error message is now "Response
> too big for UDP, retry with TCP", and shouldn't be displayed unless
> the server sends that error code over a TCP connection, or the client
> library thinks that TCP service isn't available for some reason, which
> should only happen if you have DNS SRV records that indicate only UDP
> service is available (try "dig _kerberos._udp.REALMNAME srv", and try
> with _tcp instead of _udp) and the config files don't list the KDCs at
> all.
I had another kinit in the my path. I wasn't aware of that. I thought I
had deleted all the old stuff. Now the new kinit workes great. I can use
kinit with my own account. No more error 52! :)
As usual a new problem came up after that. I cannot compile pam_krb5
anymore. Maybe I have to use different linking options.
Which pam_krb5 package would you recommend? I tried the one shipped with
RH9. I think the one at sourceforge is a different one. Are there any
plans to include a pam_krb5 in the distribution. Would be very
convenient. :-)
> If you are getting the "52" message, that may mean you aren't actually
> getting the 1.3 snapshot code for some reason. (Did you build with
> shared libraries, and run programs in the build tree without
> installing the libraries? I've done that sometimes.)
Indeed, I compiled as shared libs. I thought libraries are installed
when I do "make install"!?
> ...
> No, config files aren't installed by default.
>
> We should probably consider installing some as "examples", avoiding
> overwriting any installed versions. But, at the same time, we
> probably want to move towards needing as little in them as possible,
> perhaps to the point of not needing them at all if we're really lucky.
I think this would be a good idea. At least it would be a bit more
comfortable.
Maybe I have to change this thread to the devel oder snapshot newsgroup.
Thanks for your great help so far! As I haven't done a lot with Linux,
Kerberos and PAM so far I'm thankful for any hint I can get.
Cheers,
Uli
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
