For heimdal, "afslog" is included in heimdal, and if I did not cheat myself during testing of 1.3.2rc2, it does not need the krb5.conf option, but for example heimdals telnet will need allow_weak_crypto = yes (Insert rant that I want SSH KeyExchnage in all distros here) Another thing to keep an eye on would be the PAM module. Harald.