[PATCH] Allow Kerberos CHANGEPW request to fallback to TCP
jra at samba.org
Fri Apr 7 01:16:26 GMT 2006
On Wed, Mar 22, 2006 at 01:49:48PM -0800, todd stecher wrote:
> The KPASSWD implementation included in Samba 3.x (libads/krb5_setpw.c)
> can easily fail during net ads join operations if the user doing the
> join is a member of > 300 groups. This is because the MS KDC will
> respond with an error reply of "KRB5KRB_ERR_RESPONSE_TOO_BIG," requiring
> a switch to TCP and a resend of the KPASSWD message. The current Samba
> codebase does not handle this transition (nor, btw, does the MIT
> Kerberos code).
Did you ever update this patch or shall I run with the
version you posted ?
More information about the samba-technical