[OpenAFS] Kerberos Ticket Sizes when using AD as the KDC and OpenAFS

ted creedon tcreedon@easystreet.com
Thu, 26 Jan 2006 11:35:04 -0800

What happens to non service tickets?

Douglas E. Engert wrote:
> From the article:
> "New resolution for problems that occur when users belong to many groups"
> http://support.microsoft.com/?kbid=327825
> It looks like XP and W2003 no longer have a max_token_size limit, and 
> thus
> the size of a ticket could now be above 12,000 bytes.
> So for any sites that use Active Directory as the KDC and OpenAFS,
> keep this folloeing option in mind for the afs/cell@realm principal
> "An update is available that introduces the NO_AUTH_REQUIRED flag to
> the UserAccountControl property in Windows Server 2003 and in Windows 
> 2000"
> http://support.microsoft.com/kb/832572