message size incompatible with type error for krb5-1.9 lib using Windows 2003 KDC

Douglas E. Engert deengert at
Wed Feb 16 12:25:59 EST 2011

On 2/16/2011 11:12 AM, Elzey, Blaine A (Blaine) wrote:
> The KB article says, "NO_AUTH_DATA_REQUIRED".

That is the correct bit, and is set on the service account
in the domain of the service.

There might still be cross realm issues and the service is
in a non-windows KDC. If the KDC does not have such a flag for its
service principals, it might still copy a PAC from the cross realm TGT.

  Is this the Account Option:  on the Account properties Account tab for the user?  The article is not clear, but that seems to work without the recompile.

the DONT_REQ_PREAUTH  bit is the "Do not require Kerberos preauthentication"
and is set on the user's account.

> Thanks,
> Blaine
> _______________________________________________
> krbdev mailing list             krbdev at


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list