Update on the USGS Kerberos for Windows issue. We've been able to replicate the KfW crash outside of Active Directory, using a huge set of SRV DNS records on a local DNS server. The Department of Interior Active Directory team continues to vary the amount of domain controllers in the GS domain. We must be very close to the DNS buffer limit in KfW, because occasionally this crash fails to occur. We've traced the crash to a static buffer size in wshelper, a MIT-developed Winsock wrapper. This means that the problem is local to Windows. We have been able to build a 32-bit wshelper DLL that contains a larger buffer. In testing, this fixes the problem in the production AD and test environments. There are a few problems with building MIT's Kerberos for Windows. The KfW project's source assumes that we are using a specific version of MS Visual Studio (2003). This version is old, and any attempts to build KfW with newer versions are not likely to be successful. We were able to tweak the wshelper code in order to build the specific DLL in a newer MS Visual Studio. Jeff Altman has commented that newer VS versions will probably not be able to build the entire KfW package ( http://mailman.mit.edu/pipermail/kfwdev/2007-July/000073.html). -- David Boldt