[16644] in Kerberos_V5_Development
Re: message size incompatible with type error for krb5-1.9 lib using
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Wed Feb 16 12:26:02 2011
Message-ID: <4D5C08A7.3020605@anl.gov>
Date: Wed, 16 Feb 2011 11:25:59 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: krbdev@mit.edu
In-Reply-To: <0DEE3BCEE44BFD4EBC3B7DC009C8E792250702D015@USNAVSXCHMBSA3.ndc.alcatel-lucent.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 2/16/2011 11:12 AM, Elzey, Blaine A (Blaine) wrote:
> The KB article says, "NO_AUTH_DATA_REQUIRED".
That is the correct bit, and is set on the service account
in the domain of the service.
There might still be cross realm issues and the service is
in a non-windows KDC. If the KDC does not have such a flag for its
service principals, it might still copy a PAC from the cross realm TGT.
Is this the Account Option: on the Account properties Account tab for the user? The article is not clear, but that seems to work without the recompile.
>
the DONT_REQ_PREAUTH bit is the "Do not require Kerberos preauthentication"
and is set on the user's account.
> Thanks,
>
> Blaine
>
> _______________________________________________
> krbdev mailing list krbdev@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
