In addition, there are limits on individual fields within a protocol message that is sent by the Kerberos service.
Solution: Verify that you have not restricted the transport to UDP in the KDC server's Cause: Kerberos cannot make the host name fully qualified.
Solution: Make sure that the server you are communicating with is in the same realm as the client, or that the realm configurations are correct.
Cause: The message size that was being sent by a Kerberized application was too long.
Destroy your tickets with Cause: Kerberos could not recognize the message type that was sent by the Kerberized application.
Solution: If you are using a Kerberized application that was developed by your site or a vendor, make sure that it is using Kerberos correctly.
This chapter also provides some troubleshooting tips for various problems.
Cause: A realm mismatch between the client and server occurred in the initial ticket request.Cause: More default encryption types are included in the base release in the Solaris 10 8/07 release.Clients can request encryption types that may not be supported by a KDC running an older version of the Solaris software.Cause: The password that you specified for the principal does not contain enough password classes, as enforced by the principal's policy.Solution: Make sure that you specify a password with the minimum number of password classes that the policy requires.