[OpenAFS] ADS communications issue?
Jeffrey Altman
jaltman@secure-endpoints.com
Wed, 09 Sep 2009 10:55:36 -0400
Douglas E. Engert wrote:
> If its the large ticket problem, there is a way to tell AD that the service
> ticket for AFS does not need a PAC, thus reducing the size from maybe
> 12k to
> less then 500 bytes.
>
> See: http://support.microsoft.com/kb/305144
> And this which adds the NO_AUTH_DATA_REQUIRED
> http://support.microsoft.com/kb/832572
>
> Your admin can set NO_AUTH_DATA_REQUIRED on the afs service account in AD.
This only works if the afs service ticket is being served by AD. It
does not work if cross-realm is being used to access an afs service
ticket from a MIT/Heimdal realm. There is no method to remove the PAC
from a cross-realm tgt.
Jeffrey Altman