About Intel AMT > Integration with Active Directory > Maximum Kerberos Ticket Size

Maximum Kerberos Ticket Size

Intel AMT has a maximum Kerberos ticket size that has varied from one release of Intel AMT to the next. Further, the maximum ticket size is different for HTTP connections and for redirection connections.

Maximum Ticket Size by Release

The following table shows the maximum ticket size for different Intel AMT releases. Initial releases had the smaller values. The latest maintenance release for each basic release supports the largest ticket sizes.

Intel AMT Release

HTTP Maximum Ticket Size (Bytes)

Redirection Maximum Ticket Size (Bytes)

2.x

3072-7680

2304-7680

3.x

3072-7680

2304-7680

4.x

3072-7680

2304-7680

5.x

3072-7680

2304-7680

6.1

8000

3072-7680

6.2 and later releases

8000

7680

 

Intel AMT Behavior When the Ticket is Too Large

If Intel AMT receives a ticket larger than the maximum, it will not be able to parse it. The response differs between HTTP connections and redirection connections.

HTTP connections will return an authentication error (HTTP 401 – unauthorized).

TCP/IP connections (Redirection connections, including KVM) do not complete, and there is no other indication.

Preventing Problems Due to Tickets Larger than the Maximum Size

Limit the number of groups to which the user belongs to reduce the ticket size. Learn more about the issue here. For help on checking for MaxTokenSize problems, click here).

 

Copyright © 2006-2022, Intel Corporation. All rights reserved.