Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 137611 - Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: krb5 (Show other bugs)
3.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks: 114938 122008
  Show dependency treegraph
 
Reported: 2004-10-29 15:22 EDT by Nalin Dahyabhai
Modified: 2012-06-20 12:05 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 12:05:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2004-10-29 15:22:52 EDT
Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
This causes Kerberos error 52 (KRB_ERR_RESPONSE_TOO_BIG) in response
to a client KRB_AS_REQ or KRB_TGS_REQ requests to be passed back to
applications, which can do nothing about them.  The frequency of this
occurrence appears to be dependent on the number of groups to which
the user belongs.

Version-Release number of selected component (if applicable):
1.2.7-27

How reproducible:
Always, depending on the client principal.

Steps to Reproduce:
1. Configure Kerberos with a realm served by an AD KDC.
2. Attempt to run "kinit" as a user who is in many groups, such as
"Administrator".
  
Actual results:
Instead of an KRB_AS_REP reply or KRB_ERROR requesting
preauthentication, the client will receive a KRB_ERROR with error code
52 (KRB_ERR_RESPONSE_TOO_BIG).

Expected results:
"kinit" should run to completion, obtaining a TGT.

Additional info:
Kerberos 5 1.3 implements TCP support for both clients and KDCs,
though TCP support in KDCs is not a factor here (and is in fact
disabled by default in those releases).
Comment 2 Jiri Pallich 2012-06-20 12:05:46 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.