diff --git a/ChangeLog b/ChangeLog
index fd3de883c..f49fddb92 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,24 @@
+2008-07-28  Love Hornquist Astrand  <lha@10a96laptop.meeting.ietf.org>
+
+	* lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally
+	issues invalid AFS tokens
+	(here "occasionally" means for certain users in certain realms).
+	
+	In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket
+	is padded to a multiple of 8 bytes. If it is already a multiple of
+	8 bytes, 8 additional 0-bytes are added.
+	
+	This catches the AFS krb4 ticket decoder by surprise: unless the
+	ticket is exactly 56 bytes, it only supports the minimum necessary
+	padding.  It detects the superfluous padding by comparing the
+	ticket length decoded to the advertised ticket length.
+	
+	Hence a 7-letter userid in "cern.ch" which resulted in a ticket of
+	40 bytes, got "padded" to 48 bytes which the rxkad decoder
+	rejected.
+	
+	From Rainer Toebbicke.
+
 2008-07-25  Love Hörnquist Åstrand  <lha@h5l.org>
 
 	* kuser/kinit.c: add --ok-as-delegate and --windows flags