Incorrect expiration time for tickets returned from Windows KDCs

Andrew Bartlett abartlet at samba.org
Sun Aug 28 18:20:07 EDT 2005


On Thu, 2005-08-25 at 14:46 -0600, Wachdorf, Daniel R wrote:
> I don't know specifically about the expiration time issue, but I do know
> you need to be really careful because Microsoft KDCs will throw error
> code 52 - which means your PAC is too big and the KDC wants you to use
> TCP.  I don't know what causes this but we have had applications
> compiled with older libs work fine until one day the KDC decides to
> throw error code 52.  I don't know what changed but it no longer will do
> UDP for that user.  

This sounds like a case of a growing PAC, when the user becomes a member
(directly or indirectly, as it is a flattened list) of another group.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
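
The UDP-to-TCP fallback discussed in this message, as an added example (not code from the thread or from MIT krb5): a minimal DER walk that extracts the error-code from a KDC's UDP reply and flags code 52 (KRB_ERR_RESPONSE_TOO_BIG in RFC 4120), after which the same request is re-sent over TCP behind a length prefix. The sample reply, its realm, names and timestamp are constructed, and all function names are hypothetical.

```python
KRB_ERR_RESPONSE_TOO_BIG = 52   # the "use TCP" error code from the thread

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def krb_error_code(reply):
    """Return the error-code of a KRB-ERROR, or None for any other message."""
    tag, body, _ = read_tlv(reply, 0)
    if tag != 0x7E:                         # [APPLICATION 30], constructed = KRB-ERROR
        return None
    tag, seq, _ = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("KRB-ERROR body is not a SEQUENCE")
    pos = 0
    while pos < len(seq):
        tag, field, pos = read_tlv(seq, pos)
        if tag == 0xA6:                     # context tag [6] = error-code
            itag, ival, _ = read_tlv(field, 0)
            if itag != 0x02:
                raise ValueError("error-code is not an INTEGER")
            return int.from_bytes(ival, "big", signed=True)
    raise ValueError("KRB-ERROR has no error-code field")

def needs_tcp_retry(udp_reply):
    return krb_error_code(udp_reply) == KRB_ERR_RESPONSE_TOO_BIG

def tcp_frame(request):
    return len(request).to_bytes(4, "big") + request   # TCP: 4-byte big-endian length prefix

def der(tag, value):
    """Encode one element; short-form length only, enough for the sample below."""
    return bytes([tag, len(value)]) + value

def sample_krb_error(code):
    """Constructed KRB-ERROR; realm, names and timestamp are made up."""
    i = lambda n: der(0x02, bytes([n]))
    names = der(0x30, der(0x1B, b"krbtgt") + der(0x1B, b"EXAMPLE.COM"))
    fields = [(0xA0, i(5)), (0xA1, i(30)), (0xA4, der(0x18, b"20050825204600Z")), (0xA5, i(0)),
              (0xA6, i(code)), (0xA9, der(0x1B, b"EXAMPLE.COM")),
              (0xAA, der(0x30, der(0xA0, i(2)) + der(0xA1, names)))]
    return der(0x7E, der(0x30, b"".join(der(t, v) for t, v in fields)))
```

A client that only speaks UDP has no path past this error, so logging the parsed code per principal shows which users have crossed the size threshold.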