Kerberos over TCP on OS X 10.7 (Lion)

With the release of Mac OS X 10.7 (Lion) Apple has switched from MIT Kerberos to Heimdal Kerberos.

By default Heimdal will attempt to communicate with KDCs over UDP.
In some cases it is desirable to default to TCP.
Heimdal can be instructed to prefer TCP by prepending the KDC hostnames in /etc/krb5.conf with tcp/.
For example:

	[realms]
		EXAMPLE.COM = {
			kdc = tcp/kerberos-1.example.com:88
			kdc = tcp/kerberos-2.example.com:88
		}

Comments are closed.