Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 137611 - Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: krb5 (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
Depends On:
Blocks: 114938 122008
  Show dependency treegraph
Reported: 2004-10-29 15:22 EDT by Nalin Dahyabhai
Modified: 2012-06-20 12:05 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-20 12:05:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nalin Dahyabhai 2004-10-29 15:22:52 EDT
Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
This causes Kerberos error 52 (KRB_ERR_RESPONSE_TOO_BIG) in response
to a client KRB_AS_REQ or KRB_TGS_REQ requests to be passed back to
applications, which can do nothing about them.  The frequency of this
occurrence appears to be dependent on the number of groups to which
the user belongs.

Version-Release number of selected component (if applicable):

How reproducible:
Always, depending on the client principal.

Steps to Reproduce:
1. Configure Kerberos with a realm served by an AD KDC.
2. Attempt to run "kinit" as a user who is in many groups, such as
Actual results:
Instead of an KRB_AS_REP reply or KRB_ERROR requesting
preauthentication, the client will receive a KRB_ERROR with error code

Expected results:
"kinit" should run to completion, obtaining a TGT.

Additional info:
Kerberos 5 1.3 implements TCP support for both clients and KDCs,
though TCP support in KDCs is not a factor here (and is in fact
disabled by default in those releases).
Comment 2 Jiri Pallich 2012-06-20 12:05:46 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.