Dave Daugherty dave.daugherty at
Thu May 11 23:58:05 GMT 2006

Thanks for the article pointer.  Yes we have tripped over kpasswd and
large PACs too.

It could be that was the problem - we were working on limited
information.  My quick reading of the article is that it only discards
if the UDP frags arrive out of order - we never got any responses.  

I think the moral is to only ask for the actual attributes that you are
interested in.

Dave Daugherty
Centrify Corp.

-----Original Message-----
From: Luke Howard [mailto:lukeh at] 
Sent: Thursday, May 11, 2006 4:42 PM
To: Dave Daugherty
Cc: jerry at; jmcd at; idra at; tridge at;
samba-technical at; samba-technical at
Subject: RE: cldap

I'm the last person you'd ask about TCP/IP, but doesn't it have
to do with fragmented UDP packets being typically dropped by firewalls?

Hence the support for TCP in Kerberos:

-- Luke


More information about the samba-technical mailing list