RFC 4120 indicates that the nonce should be an unsigned integer. The ASN.1 encoding of a signed vs. an unsigned int will differ if the high bit is set: in that case, an additional octet of 0 needs to be included.

Currently, our nonce is based on time(0), and the high bit is not set, nor will it be until 2038. But we should get this fixed sooner rather than later.

Heimdal 0.7.1 is still using a signed int. The nonce is randomly assigned, so for interoperability we would need to be careful in how to handle this. If we encode as an unsigned int, would Heimdal's decoder handle it properly? Looking at Heimdal's code, der_get_integer will only decode encodings of four bytes or less, so sending a proper representation would bomb.

So, if a Heimdal client talks to a v5 KDC sending a nonce with the high bit set, we will respond with a five-byte encoding, which Heimdal will reject.

A patch for the basics, without interoperability issues, is attached.
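
The encoding difference described above, as an added example (not the attached patch, and not MIT or Heimdal code). All function names are hypothetical: `get_int_max4` only models a decoder with the four-octet limit mentioned in the report, and `get_nonce` is one assumed way to accept both forms.

```c
#include <stddef.h>
#include <stdint.h>

/* Content octets of a DER INTEGER for an unsigned 32-bit value (1..5 octets). */
size_t put_uint32(uint32_t v, unsigned char out[5])
{
    size_t n = 4, len = 0;
    while (n > 1 && ((v >> (8 * (n - 1))) & 0xff) == 0)
        n--;                                   /* drop leading zero octets */
    if ((v >> (8 * (n - 1))) & 0x80)
        out[len++] = 0x00;                     /* pad so the value stays non-negative */
    while (n > 0)
        out[len++] = (v >> (8 * --n)) & 0xff;
    return len;
}

/* The same 32 bits encoded as a signed value (minimal two's complement, 1..4 octets). */
size_t put_int32_bits(uint32_t u, unsigned char out[4])
{
    size_t n = 4, len = 0;
    while (n > 1) {
        /* top octet plus the next octet's high bit: all 0s or all 1s is redundant */
        unsigned top9 = (u >> (8 * (n - 1) - 1)) & 0x1ff;
        if (top9 != 0x000 && top9 != 0x1ff)
            break;
        n--;
    }
    while (n > 0)
        out[len++] = (u >> (8 * --n)) & 0xff;
    return len;
}

/* Hypothetical decoder that refuses more than four content octets. */
int get_int_max4(const unsigned char *p, size_t len, uint32_t *bits)
{
    uint32_t u;
    if (len == 0 || len > 4)
        return -1;
    u = (p[0] & 0x80) ? 0xffffffffu : 0;       /* sign-extend */
    for (size_t i = 0; i < len; i++)
        u = (u << 8) | p[i];
    *bits = u;
    return 0;
}

/* Assumed tolerant decoder: also takes the five-octet form with a leading 0x00. */
int get_nonce(const unsigned char *p, size_t len, uint32_t *bits)
{
    int pad = (len == 5 && p[0] == 0x00 && (p[1] & 0x80));
    return get_int_max4(p + pad, len - pad, bits);
}
```

For the bit pattern 0x80000000, the unsigned form is `00 80 00 00 00` and the signed form is `80 00 00 00`; the four-octet decoder rejects the first, while `get_nonce` maps both to the same 32 bits.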