We have some reason to believe Microsoft and Heimdal are both using the authdata value 142 for different purposes, leading to failures in verify_ad_signedpath(). For better interoperability, treat such tickets as unsigned, rather than invalid. https://github.com/krb5/krb5/commit/f58cc5a2589e1589ff17c0057ff5da97cac834d7 Commit By: ghudson Revision: 23766 Changed Files: U trunk/src/kdc/kdc_authdata.c