[OpenAFS-devel] Corrupted ticket sent in rx packet from Windows 1.3.7700

Douglas E. Engert deengert@anl.gov
Mon, 17 Jan 2005 13:32:04 -0600


One user has been having problems with OpenAFS 1.3.7700 on Windows 2K.


Using Ethereal and tracing the KRB5 TGS_REP as it arrives, and the
RX response as it is sent shows that the last 85 bytes of the ticket
are corrupted somewhere in KfW or OpenAFS.

The Ticket len as reported by Ethereal in the RX packet is 1445 bytes
long, the first 1360 bytes of the ticket are valid.

So far we only have one trace, with one user, but the user has
failed on more than one machine. We are attempting to get
a second user with a large ticket, Windows 2003 is the KDC,
so we need to create a user with a bigger PAC.

Some circumventions appear to be to install the AD NOPAC hotfix,
use aklog -m or gssklog.  All of which reduce the size of the ticket
but don't fix the underlying problem.

At first we thought it might be a UDP fragmentation problem,
but we have traces with a ticket of size 1277 that fragments
but works correctly and is not corrupted.

The user had problems prior to 1.3.7700 too.

Any ideas?








-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444