hi Robertson,
thanks for the info.
Yes there is a one way domain trust in place (netdom trust) run from the AD server.
Currently running:
adinfo (CentrifyDC 5.3.0-220)
so from the article I understand i can set the adclient.krb5.autoedit to false and manage this file myself - i.e. copy from the local MIT KDC - is that correct?
thanks