Extraordinarily large users (members of a large number of AD groups) cannot authenticate via Kerberos because the buffers we allocate are too small. Security packages in Windows have a default max token size of 12k bytes which we have hardcoded. This has changed in Windows 2012 to 48k bytes. In addition, it is possible for users to change the MaxTokenSize in their registry. As such, we should be querying the kerberos package info for this value.