[OpenAFS] Kerberos Ticket Sizes when using AD as the KDC and OpenAFS
Douglas E. Engert
deengert@anl.gov
Thu, 26 Jan 2006 13:04:37 -0600
From the article:
"New resolution for problems that occur when users belong to many groups"
http://support.microsoft.com/?kbid=327825
It looks like XP and W2003 no longer have a max_token_size limit, and thus
the size of a ticket could now be above 12,000 bytes.
So for any sites that use Active Directory as the KDC and OpenAFS,
keep this folloeing option in mind for the afs/cell@realm principal
"An update is available that introduces the NO_AUTH_REQUIRED flag to
the UserAccountControl property in Windows Server 2003 and in Windows 2000"
http://support.microsoft.com/kb/832572
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444