On Mon, 2010-09-13 at 05:21 -0400, Victor Sudakov wrote: > BTW what can make Kerberos packets so big? Microsoft says: "Depending > on a variety of factors including security identifier (SID) history > and group membership, some accounts will have larger Kerberos > authentication packet sizes." What's there inside? Long principal > names? Long keys?
An Active Directory KDC will include authorization data within a Kerberos ticket which includes the set of groups you are a member of. If that's a lot of groups, then your ticket will be large. Another way Kerberos packets can get big is Diffie-Hellman values conveyed for PKINIT during initial authentication. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
