Hello,
In my infrastructure I'm stuck with the size of Kerberos ticket due to a large number of Group Memberships.
I'm trying to find a way to obtain a Kerberos ticket through KCD :
- with only the Principal SID which important for my application
- without any Group SIDs
Do you know a way to do it ? The leads I try to follow are :
- Is there a parameter to pass in the Kerberos ticket request ?
- Must the SPN be configured in a specific way ?
- Must a parameter be set to a specific value on the account ? I found something related to the UAC :http://support.microsoft.com/kb/832572 but I tried it unsuccessfully.
Thank you for your ideas,
Regards,
Jeff