Hello, Kevin, Yes you are right , My KDC in domain xx.com is Windows and my cleint test.co.yy is a Linux client with krb51.2.7. my client does not have a KDC in the domain co.yy . So no kerberos environment. I have gone for krb51.2.7 and i did some changes to the mapping in domain realm section in krb5.conf file.
Now this error seems strange. What should i do? u have told me to go for new upgrade. let me tell you one more scenario. I created a test client machine in KDC domain xx.com. The machine hostname pilot.xx.com i have gone for krb51.2.7 and this does not give any issues when doing Kinit for ticket. It was successful So then what is the issue with old version of kerberos? one doubt is that my pilotserver (pilot.xx.com) was in the same domain as my KDC (xx.com). my test server (test.co.yy) is not in same domain .The domain is (co.yy) and there is no KDC. I have modified Domain realm section for mapping my test client with the KDC domain xx.com. Please help me solve this issue . 1.why the version problem didnt occur in my pilot server scenario under the KDC domain. 2. why am i geting the error in test machine in another domain with no KDC and mapping is done for cross domain. Thanks Sunil C Kevin Coffman wrote: > > On Wed, Mar 12, 2008 at 2:05 AM, sunilcnair <[EMAIL PROTECTED]> > wrote: >> >> Hello all, >> >> i am Sunil C. i have a domain named xx.com which has a KDC. >> i also have a domain co.yy where my server is. there is no KDC in it. >> >> users are in xx.com domain. >> >> but my servers are in (co.yy) domain. >> >> i had set up a test scenario with a user and a server in domain (xx.com) >> since KDc was setup i got ticket and was able to authenticate well using >> kerberos. >> >> my issue is that all my production servers are in domain (co.yy) which >> doesnt have a KDC. i want to authenticate and use the server services in >> that domain. >> setting up KDC is not feasible in both domains for me. >> >> now i have done some configuration in krb5.conf file on my server >> (test.co.yy) >> >> [domain_realm] >> xx.com = XX.COM >> .xx.com = XX.COM >> co.yy = XX.COM >> .co.yy = XX.COM >> >> this shows that my domain co.yy which doesnnot have a KDC , i have >> mapped it >> to the realm XX.COM . >> >> now i have some issues. >> >> 1) i tried to get a keytab from the KDC of XX.COM ( my server in co.yy) >> >> > ktpass -princ HTTP/[EMAIL PROTECTED] >> >> 2) i somehow managed to get a keytab . >> i copied into Apache folder and executed the command. >> >> kinit -t /usr/local/apache/test03keytab HTTP/[EMAIL PROTECTED] >> password: xxxx >> >> error : kinit(v5) : KRB5 error code 52 while getting initial credentials >> >> Please help me understand what is this erro.. is it some issue with >> domain >> mapping configuration in krb5.conf file? i am using kerberos 1.2.7 >> version. >> >> Thanks >> >> Sunil C >> > > Error 52 is KRB5KRB_ERR_RESPONSE_TOO_BIG (see krb5.h). This means > that the response is too big for a UDP packet. It is not clear from > your description, but I'm assuming that your KDC is an Active > Directory KDC, and your client is krb5-1.2.7. That is an ancient > version and I'd suggest upgrading. I believe that version does not > have TCP support. If it did, it would attempt switching to TCP when > seeing this error. > > K.C. > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- View this message in context: http://www.nabble.com/KRB5-error-code-52-while-getting-initial-credentials-tp15998090p16022039.html Sent from the Kerberos - General mailing list archive at Nabble.com. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos