MJanssen01
MIS
Hi,
Where having problems with kerberos authentication in Windows 2003(AD). The problem is that in some cases the UDP request is too large to fit in one packet. The result is that the fragmented UDP packets are dropped by our network equipment. MS says there are two ways of solving this.
1. enlarging the UDP packet size so the request fits in 1 packet.
2. Force kerberos to communicate through TCP/IP which is connection oriented thus a more reliable way of communicating.
My question is: Why is UDP used as primary protocol for kerberos when TCP/IP doesn't have the problems like the one mentioned above?
Any Ideas?
(the only one I can think of is performance. Hopefully there's a better reason for it.)
Thanx,
M Janssen
Where having problems with kerberos authentication in Windows 2003(AD). The problem is that in some cases the UDP request is too large to fit in one packet. The result is that the fragmented UDP packets are dropped by our network equipment. MS says there are two ways of solving this.
1. enlarging the UDP packet size so the request fits in 1 packet.
2. Force kerberos to communicate through TCP/IP which is connection oriented thus a more reliable way of communicating.
My question is: Why is UDP used as primary protocol for kerberos when TCP/IP doesn't have the problems like the one mentioned above?
Any Ideas?
(the only one I can think of is performance. Hopefully there's a better reason for it.)
Thanx,
M Janssen
