Bug 137611 - Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
Summary: Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: krb5 (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Depends On:
Blocks: 114938 122008
TreeView+ depends on / blocked
Reported: 2004-10-29 19:22 UTC by Nalin Dahyabhai
Modified: 2012-06-20 16:05 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-20 16:05:46 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Nalin Dahyabhai 2004-10-29 19:22:52 UTC
Kerberos 5 1.2 does not include support for contacting KDCs using TCP.
This causes Kerberos error 52 (KRB_ERR_RESPONSE_TOO_BIG) in response
to a client KRB_AS_REQ or KRB_TGS_REQ requests to be passed back to
applications, which can do nothing about them.  The frequency of this
occurrence appears to be dependent on the number of groups to which
the user belongs.

Version-Release number of selected component (if applicable):

How reproducible:
Always, depending on the client principal.

Steps to Reproduce:
1. Configure Kerberos with a realm served by an AD KDC.
2. Attempt to run "kinit" as a user who is in many groups, such as
Actual results:
Instead of an KRB_AS_REP reply or KRB_ERROR requesting
preauthentication, the client will receive a KRB_ERROR with error code

Expected results:
"kinit" should run to completion, obtaining a TGT.

Additional info:
Kerberos 5 1.3 implements TCP support for both clients and KDCs,
though TCP support in KDCs is not a factor here (and is in fact
disabled by default in those releases).

Comment 2 Jiri Pallich 2012-06-20 16:05:46 UTC
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. 
Please See https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

Note You need to log in before you can comment on or make changes to this bug.