[OpenAFS] ADS communications issue?
Douglas E. Engert
Wed, 09 Sep 2009 11:11:28 -0500
Jeffrey Altman wrote:
> Douglas E. Engert wrote:
>> If its the large ticket problem, there is a way to tell AD that the service
>> ticket for AFS does not need a PAC, thus reducing the size from maybe
>> 12k to
>> less then 500 bytes.
>> See: http://support.microsoft.com/kb/305144
>> And this which adds the NO_AUTH_DATA_REQUIRED
>> Your admin can set NO_AUTH_DATA_REQUIRED on the afs service account in AD.
> This only works if the afs service ticket is being served by AD. It
> does not work if cross-realm is being used to access an afs service
> ticket from a MIT/Heimdal realm. There is no method to remove the PAC
> from a cross-realm tgt.
Yes, but the TGT is not send via rx over UDP, only the service ticket which appears
to be the issue. So you comments on the src/util not being built correctly or
the rxmaxmtu might solve the problem too.
> Jeffrey Altman
> OpenAFS-info mailing list
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439