Kerberos - TCP client wants 1195725856 bytes, cap is 1048572Creating keytabs and service principal namesAuthenticate with Kerberos to a CIFS share provided by OpenSolarisAuthenticating Windows 7 against MIT Kerberos 5Linking Linux MIT Kerberos with a Windows 2003 Active DirectoryActive Directory: Thunderbird LDAP autocompletion not working with Kerberos authnginx emerg error with type_hashIs this Kerberos/AD setup possible?Kerberos SSH/PAM login like ADKerberos MaxTokenSizewindows-ubuntu-bash + hypervisor winrm + ansible - Server not found in Kerberos database
Does the EU Common Fisheries Policy cover British Overseas Territories?
You look catfish vs You look like a catfish
Binary Numbers Magic Trick
What is the range of this combined function?
Modify locally tikzset
Why do Ichisongas hate elephants and hippos?
Illegal assignment from SObject to Contact
Electric guitar: why such heavy pots?
Single Colour Mastermind Problem
If Earth is tilted, why is Polaris always above the same spot?
Was it really necessary for the Lunar Module to have 2 stages?
What's the polite way to say "I need to urinate"?
Does jamais mean always or never in this context?
"ne paelici suspectaretur" (Tacitus)
Where does the labelling of extrinsic semiconductors as "n" and "p" come from?
Why is the origin of “threshold” uncertain?
Why does nature favour the Laplacian?
Why does Bran Stark feel that Jon Snow "needs to know" about his lineage?
How to creep the reader out with what seems like a normal person?
Sci-fi novel series with instant travel between planets through gates. A river runs through the gates
What are the spoon bit of a spoon and fork bit of a fork called?
Weird result in complex limit
When and why did journal article titles become descriptive, rather than creatively allusive?
Feels like I am getting dragged in office politics
Kerberos - TCP client wants 1195725856 bytes, cap is 1048572
Creating keytabs and service principal namesAuthenticate with Kerberos to a CIFS share provided by OpenSolarisAuthenticating Windows 7 against MIT Kerberos 5Linking Linux MIT Kerberos with a Windows 2003 Active DirectoryActive Directory: Thunderbird LDAP autocompletion not working with Kerberos authnginx emerg error with type_hashIs this Kerberos/AD setup possible?Kerberos SSH/PAM login like ADKerberos MaxTokenSizewindows-ubuntu-bash + hypervisor winrm + ansible - Server not found in Kerberos database
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I'm having some difficulties debugging this error. I'm running nginx as an api gateway built to make a sub-request to kerberos whenever an endpoint gets called using the SPNEGO method. But whenever I attempt to make a requests with TGS ticket in the header I get the error TCP client 192.168.112.4.51658 wants 1195725856 bytes, cap is 1048572 then the connection closes.
I've tried printf "xffxffxffxff" | netcat krb_address 88 and it triggers the above error and if an instance of xff is removed then no error.
What I'm struggling with figuring out is:
- What exactly is the message being sent to kerberos that is breaking the cap constraint?
- What kind of configuration changes need to be made to meet the cap requirement?
I've never worked with nginx and kerberos before so not sure of any better questions I could be asking other then the basics.
Some insight into previous experience with this error or perhaps some additional techniques I could use to uncover some more insights into what is causing the error would be very much appreciated!
nginx tcp kerberos spnego
asked Apr 21 at 18:30
KenpachiKenpachi
62
add a comment |
I'm having some difficulties debugging this error. I'm running nginx as an api gateway built to make a sub-request to kerberos whenever an endpoint gets called using the SPNEGO method. But whenever I attempt to make a requests with TGS ticket in the header I get the error TCP client 192.168.112.4.51658 wants 1195725856 bytes, cap is 1048572 then the connection closes.
I've tried printf "xffxffxffxff" | netcat krb_address 88 and it triggers the above error and if an instance of xff is removed then no error.
What I'm struggling with figuring out is:
- What exactly is the message being sent to kerberos that is breaking the cap constraint?
- What kind of configuration changes need to be made to meet the cap requirement?
I've never worked with nginx and kerberos before so not sure of any better questions I could be asking other then the basics.
Some insight into previous experience with this error or perhaps some additional techniques I could use to uncover some more insights into what is causing the error would be very much appreciated!
nginx tcp kerberos spnego
asked Apr 21 at 18:30
KenpachiKenpachi
62
add a comment |
I'm having some difficulties debugging this error. I'm running nginx as an api gateway built to make a sub-request to kerberos whenever an endpoint gets called using the SPNEGO method. But whenever I attempt to make a requests with TGS ticket in the header I get the error TCP client 192.168.112.4.51658 wants 1195725856 bytes, cap is 1048572 then the connection closes.
I've tried printf "xffxffxffxff" | netcat krb_address 88 and it triggers the above error and if an instance of xff is removed then no error.
What I'm struggling with figuring out is:
- What exactly is the message being sent to kerberos that is breaking the cap constraint?
- What kind of configuration changes need to be made to meet the cap requirement?
I've never worked with nginx and kerberos before so not sure of any better questions I could be asking other then the basics.
Some insight into previous experience with this error or perhaps some additional techniques I could use to uncover some more insights into what is causing the error would be very much appreciated!
nginx tcp kerberos spnego
asked Apr 21 at 18:30
KenpachiKenpachi
62
I'm having some difficulties debugging this error. I'm running nginx as an api gateway built to make a sub-request to kerberos whenever an endpoint gets called using the SPNEGO method. But whenever I attempt to make a requests with TGS ticket in the header I get the error TCP client 192.168.112.4.51658 wants 1195725856 bytes, cap is 1048572 then the connection closes.
I've tried printf "xffxffxffxff" | netcat krb_address 88 and it triggers the above error and if an instance of xff is removed then no error.
What I'm struggling with figuring out is:
- What exactly is the message being sent to kerberos that is breaking the cap constraint?
- What kind of configuration changes need to be made to meet the cap requirement?
I've never worked with nginx and kerberos before so not sure of any better questions I could be asking other then the basics.
Some insight into previous experience with this error or perhaps some additional techniques I could use to uncover some more insights into what is causing the error would be very much appreciated!
nginx tcp kerberos spnego
nginx tcp kerberos spnego
asked Apr 21 at 18:30
KenpachiKenpachi
62
asked Apr 21 at 18:30
KenpachiKenpachi
62
asked Apr 21 at 18:30
KenpachiKenpachi
62
asked Apr 21 at 18:30
KenpachiKenpachi
62
asked Apr 21 at 18:30
KenpachiKenpachi
62
62
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
That's a protocol mismatch; at some point you're sending an HTTP request when the Kerberos server is expecting something else.
The giveaway here is the number shown in the error, 1195725856. Converted to hexadecimal, that's 47 45 54 20. Converted to ASCII, it is G, E, T, space, or the first four characters of an HTTP GET request. That is unlikely to be a coincindence.
I'm not very familiar with Kerberos, but a little research suggests that one possible cause is that you may have left out the --enable-http option to the kdc service?
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f963989%2fkerberos-tcp-client-wants-1195725856-bytes-cap-is-1048572%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
That's a protocol mismatch; at some point you're sending an HTTP request when the Kerberos server is expecting something else.
The giveaway here is the number shown in the error, 1195725856. Converted to hexadecimal, that's 47 45 54 20. Converted to ASCII, it is G, E, T, space, or the first four characters of an HTTP GET request. That is unlikely to be a coincindence.
I'm not very familiar with Kerberos, but a little research suggests that one possible cause is that you may have left out the --enable-http option to the kdc service?
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
add a comment |
That's a protocol mismatch; at some point you're sending an HTTP request when the Kerberos server is expecting something else.
The giveaway here is the number shown in the error, 1195725856. Converted to hexadecimal, that's 47 45 54 20. Converted to ASCII, it is G, E, T, space, or the first four characters of an HTTP GET request. That is unlikely to be a coincindence.
I'm not very familiar with Kerberos, but a little research suggests that one possible cause is that you may have left out the --enable-http option to the kdc service?
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
add a comment |
That's a protocol mismatch; at some point you're sending an HTTP request when the Kerberos server is expecting something else.
The giveaway here is the number shown in the error, 1195725856. Converted to hexadecimal, that's 47 45 54 20. Converted to ASCII, it is G, E, T, space, or the first four characters of an HTTP GET request. That is unlikely to be a coincindence.
I'm not very familiar with Kerberos, but a little research suggests that one possible cause is that you may have left out the --enable-http option to the kdc service?
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
That's a protocol mismatch; at some point you're sending an HTTP request when the Kerberos server is expecting something else.
The giveaway here is the number shown in the error, 1195725856. Converted to hexadecimal, that's 47 45 54 20. Converted to ASCII, it is G, E, T, space, or the first four characters of an HTTP GET request. That is unlikely to be a coincindence.
I'm not very familiar with Kerberos, but a little research suggests that one possible cause is that you may have left out the --enable-http option to the kdc service?
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
answered Apr 22 at 23:46
Harry JohnstonHarry Johnston
3,97012040
3,97012040
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f963989%2fkerberos-tcp-client-wants-1195725856-bytes-cap-is-1048572%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
