[PATCH] Allow Kerberos CHANGEPW request to fallback to TCP

Jeremy Allison jra at samba.org
Fri Apr 7 01:16:26 GMT 2006

On Wed, Mar 22, 2006 at 01:49:48PM -0800, todd stecher wrote:
> The KPASSWD implementation included in Samba 3.x (libads/krb5_setpw.c)
> can easily fail during net ads join operations if the user doing the
> join is a member of > 300 groups.  This is because the MS KDC will
> respond with an error reply of "KRB5KRB_ERR_RESPONSE_TOO_BIG," requiring
> a switch to TCP and a resend of the KPASSWD message.  The current Samba
> codebase does not handle this transition (nor, btw, does the MIT
> Kerberos code).

Hi Todd,

	Did you ever update this patch or shall I run with the
version you posted ?


More information about the samba-technical mailing list