[OpenAFS] ADS communications issue?

Jeffrey Altman jaltman@secure-endpoints.com
Wed, 09 Sep 2009 12:25:45 -0400

Douglas E. Engert wrote:

> Yes, but the TGT is not send via rx over UDP, only the service ticket

If the service ticket is issued by a MIT/Heimdal realm using
a cross-realm authentication from AD, then the PAC that is provided
by AD in the cross-realm TGT will be included by the MIT/Heimdal realm
within the afs service ticket.  The PAC provided in the cross-realm TGT
is critical and cannot be removed by the MIT/Heimdal KDC.

I agree that I do not believe this problem is service ticket related.

Jeffrey Altman