On 01/21/2013 07:28 PM, Richard Silverman wrote: > Any further thoughts on this issue? While I'd like to have better solutions for the problem of multiple Kerberos realms for a domain, this particular solution (optimistic referrals and a do-not-refer-crossrealm-requests flag) doesn't feel elegant or complete to me.