[36016] in Kerberos


Re: TCP support for MIT Kerberos in HP-UX IA64

daemon@ATHENA.MIT.EDU (Vipul Mehta)
Mon Apr 7 10:46:42 2014

In-Reply-To: <CAMeQEL8v5UCTD-PPifQ8e7-jY0YFBcDwOQ=tTWSvYeGxP3vxxw@mail.gmail.com>
Date: Mon, 7 Apr 2014 14:14:01 +0530
Message-ID: <CAMeQEL9whEjrSbwSrFu-fFw6EMDOMk5xuO3rVvbhmJmRevBOcw@mail.gmail.com>
From: Vipul Mehta <vipulmehta.1989@gmail.com>
To: kerberos@mit.edu

I've narrowed down the problem.

get_so_error() in sendto_kdc.c is returning error code 22, i.e. invalid
argument, on the getsockopt() call.

    e = getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen);

This happens in the first call to get_so_error() from service_tcp_fd().

PS: I have a Windows KDC and MIT Kerberos version 1.11.1.


On Tue, Apr 1, 2014 at 4:59 PM, Vipul Mehta <vipulmehta.1989@gmail.com> wrote:

> Hi,
>
> I am using an MIT Kerberos library build on the HP-UX IA64 platform but am
> not able to get credentials from a keytab. The username-password case works fine.
>
> The same method in my API to get credentials from a keytab works fine in
> the library builds for other platforms (win32, linux, aix).
>
> On debugging I found that user-pass authentication passes as it completely
> uses UDP.
> Getting credentials from the keytab gives a KRB5KRB_ERR_RESPONSE_TOO_BIG error
> on UDP, so it tries with TCP. But the TCP connection with the KDC fails, leading
> to the "Cannot contact any KDC for realm" error.
>
> I am using a Windows KDC here. I also tried with a different HP-UX machine and
> a different KDC, but I am facing the same problem.
>
> When I set udp_preference_limit=1 in krb5.conf, obtaining user-pass
> credentials also started failing, which proved that the library is having a
> problem with the TCP connection.
>
> The following link, which lists changes in the latest HP-UX Kerberos Client,
> shows that they have somehow provided support for TCP:
>
> https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT
>
> It says: "Kerberos Client libraries can now use TCP to connect to KDC.
> This may be necessary for the libraries to communicate with Microsoft KDCs
> (domain controllers) if they issue tickets with excessive PAC data."
>
> I can't use the libraries provided by HP. I need to use my own build.
> Is there any specific setting or build option that needs to be passed to
> enable TCP support in MIT Kerberos for the HPUX-IA64 platform?
>
> My configure command is as follows:
> ./configure CC=aCC CFLAGS="-D__hpux +DD64 -D_HPUX_API_LEVEL=20040821"
> CPPFLAGS=+DD64 CXXFLAGS=+DD64
>
> --
> Regards,
> Vipul
>



-- 
Regards,
Vipul
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
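
Added example, not part of the original post and not MIT krb5 code: a small C probe that repeats the non-blocking connect followed by the quoted `getsockopt(SO_ERROR)` call, and reports separately whether the `getsockopt()` call itself was rejected (the post's error 22) or the connection failed. The `so_probe` struct, the `probe_so_error` name, the loopback target and the default port 88 are assumptions chosen so that it runs offline.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>

struct so_probe {
    int call_errno;  /* errno when getsockopt() itself failed (22 in the post), else 0 */
    int sock_error;  /* connection error when the call succeeded; 0 means connected */
};

/* Hypothetical helper: connect to 127.0.0.1:port without blocking, then read SO_ERROR. */
int probe_so_error(unsigned short port, struct so_probe *out)
{
    struct sockaddr_in sa = { 0 };
    struct pollfd pfd;
    int sockerr = 0, rc;
    socklen_t sockerrlen = sizeof(sockerr);  /* in/out argument: set before the call */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    out->call_errno = out->sock_error = 0;
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
    rc = connect(fd, (struct sockaddr *)&sa, sizeof(sa));
    if (rc < 0 && errno != EINPROGRESS) {
        out->sock_error = errno;         /* connect failed at once; nothing is pending */
    } else {
        pfd.fd = fd; pfd.events = POLLOUT;
        if (rc < 0 && poll(&pfd, 1, 2000) <= 0) { close(fd); return -1; }
        if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen) < 0)
            out->call_errno = errno;     /* the call was rejected, not the connection */
        else
            out->sock_error = sockerr;   /* e.g. ECONNREFUSED when nothing listens */
    }
    close(fd);
    return 0;
}

int main(void)
{
    struct so_probe p;
    if (probe_so_error(88, &p) < 0) return 2;   /* 88 is the Kerberos KDC port */
    printf("getsockopt errno=%d SO_ERROR=%d\n", p.call_errno, p.sock_error);
    return p.call_errno != 0;
}
```

A non-zero `call_errno` reproduces the situation described in the message, while a non-zero `sock_error` with `call_errno` of 0 means the call works and only the connection failed.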
