John W. Sopko Jr. wrote:
I have been testing AFS using Windows 2003 SP2 as the KDC.
Things seem to be working fine with OpenAFS 1.4.4 linux
clients using kinit/aklog and Red Hat pam_krb5afs module.
Also things seem to work fine with the Windows 1.5.21 afs
client and kfw 3.2 on Windows XP clients.
Is the PAC data still an issue with the latest OpenAFS release?
Is the issue the PAC data that is put in the afs/cell.name
service principal breaks older clients? Thanks for any input.
Could still be an issue with older clients, that had a limit around 1k?
OpenAFS added code to allow 12K, but I also saw a Microsoft article
that raised their limit to 14K!
But since AFS does not need the PAC you could tell AD 2003 to not send it.
The original patch was:
http://support.microsoft.com/kb/832572
It adds another bit to the userAccountControl
http://support.microsoft.com/kb/305144
You can get your AD admin to set this bit in the afs service account.
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
