Kerberos – TCP client wants 1195725856 bytes, cap is 1048572

I’m having some difficulties debugging this error. I’m running nginx as an API gateway built to make a sub-request to Kerberos whenever an endpoint gets called using the SPNEGO method. But whenever I attempt to make a request with a TGS ticket in the header, I get the error TCP client wants 1195725856 bytes, cap is 1048572, then the connection closes.

I’ve tried printf "\xff\xff\xff\xff" | netcat krb_address 88 and it triggers the above error, and if an instance of \xff is removed then there is no error.

What I’m struggling with figuring out is:

  1. What exactly is the message being sent to kerberos that is breaking the cap constraint?
  2. What kind of configuration changes need to be made to meet the cap requirement?

I’ve never worked with nginx and Kerberos before, so I’m not sure of any better questions I could be asking other than the basics.

Some insight into previous experience with this error or perhaps some additional techniques I could use to uncover some more insights into what is causing the error would be very much appreciated!
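
An added diagnostic example, not part of the original post: Kerberos over TCP prefixes each message with a 4-byte big-endian length (RFC 4120, section 7.2.2), so the number in the log line is simply the first four bytes the client sent. The helper names and the list of HTTP prefixes below are assumptions made for illustration.

```python
import re
import struct

# Log format taken from the error quoted in the post.
LOG_RE = re.compile(r"TCP client wants (\d+) bytes, cap is (\d+)")

# First four bytes of common HTTP request lines (illustrative, not exhaustive).
HTTP_PREFIXES = (b"GET ", b"POST", b"PUT ", b"HEAD", b"OPTI", b"DELE", b"PATC", b"CONN")


def decode_prefix(claimed_length: int) -> bytes:
    """Return the four bytes the KDC interpreted as a big-endian length."""
    return struct.pack(">I", claimed_length)


def classify(prefix: bytes) -> str:
    """Guess what kind of client produced these four leading bytes."""
    if prefix in HTTP_PREFIXES:
        return "http"            # plain HTTP request sent to the KDC port
    if prefix[0] == 0x16 and prefix[1] == 0x03:
        return "tls"             # TLS handshake record header
    if prefix[0] & 0x80:
        return "high-bit-set"    # RFC 4120 reserves the top bit of the length
    return "unknown"


def explain(log_line: str) -> dict:
    """Parse the KDC log line and describe the bytes behind the length."""
    m = LOG_RE.search(log_line)
    if m is None:
        raise ValueError("not a 'TCP client wants' log line")
    wanted, cap = int(m.group(1)), int(m.group(2))
    prefix = decode_prefix(wanted)
    return {"wanted": wanted, "cap": cap, "prefix": prefix,
            "kind": classify(prefix), "over_cap": wanted > cap}


def frame(krb_message: bytes) -> bytes:
    """Frame an encoded Kerberos message the way a KDC expects it on TCP."""
    return struct.pack(">I", len(krb_message)) + krb_message


if __name__ == "__main__":
    print(explain("TCP client wants 1195725856 bytes, cap is 1048572"))
    print(frame(b"\x6a\x03abc"))  # constructed placeholder bytes, not a real AS-REQ
```

For the number in the post, the prefix decodes to the ASCII bytes `GET `, which means an HTTP request line is arriving on the KDC's TCP port instead of a length-prefixed Kerberos message.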