On Wed, 2010-09-15 at 12:15 -0400, Luke Howard wrote: > The trace simo attached showed unkeyed checksum in a tgs req, IIRC Yes, but that's not directly to the failure case. We have no reason to believe that a tgs-req with an hmac-md5 authenticator checksum will be rejected by AD.