Is there a way to get more (debugging) information from the ka-forwarder or the authentication server? --Mike