[OpenAFS] Ticket length error on Mac OSX 10.4.x

Douglas E. Engert deengert@anl.gov
Tue, 30 May 2006 12:46:39 -0500

Larry Cashdollar wrote:
> 1.2.11, All my linux clients work fine, but they are using the 1.2.11
> clients as well.  I see this is probably because my old server and
> clients work fine together, but the new mac version is trying to use
> the large ticket length? So I should upgrade to the latest.

You can set the NO_AUTH_REQUIRED bit in the afs acount in AD, so that
the ticket for this service will not have a PAC, and thus be much smaller.
AFS does not use the PAC.  You need to add the bit to the userAccountControl.
Your AD admin can do this with mmc and ADSI edit or some other tools.

NO_AUTH_DATA_REQUIRED  0x2000000           33554432

See:  http://support.microsoft.com/kb/832572

> On 5/28/06, Jeffrey Altman <jaltman@secure-endpoints.com> wrote:
>> What version are your servers?  RXKADTICKETLEN means the length of
>> the token is either too large or too small.  You probably have one
>> or more servers that do not support the large tickets issued by
>> Active Directory.
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444