Re: Kerberos UDP vs TCP
- From: Paul Nelson <paulnelsontx@xxxxxxxxx>
- Date: Tue, 14 Nov 2006 17:18:26 -0600
Kerberos is supposed to automatically switch to TCP if its message size
exceeds what UDP can handle. Kerberos messages get large when PAC data is
included in tickets (which seems to be most of the time now). There is so
little difference in overhead using TCP, that you don't notice it.
Kerberos is one of the few protocols that still uses UDP - most everything
else uses TCP. Because of this, using Kerberos over TCP should always work
correctly.
Paul Nelson
Thursby Software Systems, Inc.
in article AB16D9B0-A2DA-48C0-8015-ADF6022D6FD2@xxxxxxxxxxxxx, paolo
valsecchi at paolovalsecchi@xxxxxxxxxxxxxxxxxxxxxxxxx wrote on 11/14/06 3:18
AM:
Hi everybody
I'm facing some problems with Kerberos authentication using UDP protocol.
As suggested by Microsoft using TCP protocol the problem has been solved
instead.
Questions:
Why Microsoft uses UDP by default if there are authentication problems?
What would be the global impact on the network (WAN) using Kerberos
authentication through TCP? Would it be a suitable solution?
Any help really appreciated.
.
- Prev by Date: Setting up 2 domains with one way trust to dmz
- Next by Date: Re: Kerberos UDP vs TCP
- Previous by thread: Re: Kerberos UDP vs TCP
- Next by thread: Re: Kerberos UDP vs TCP
- Index(es):
Relevant Pages
|
