[OpenAFS] ADS communications issue?
Wed, 09 Sep 2009 12:25:45 -0400
Douglas E. Engert wrote:
> Yes, but the TGT is not send via rx over UDP, only the service ticket
If the service ticket is issued by a MIT/Heimdal realm using
a cross-realm authentication from AD, then the PAC that is provided
by AD in the cross-realm TGT will be included by the MIT/Heimdal realm
within the afs service ticket. The PAC provided in the cross-realm TGT
is critical and cannot be removed by the MIT/Heimdal KDC.
I agree that I do not believe this problem is service ticket related.