[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Easiest way to get service ticket after obtaining tgt

Jeremiah Martell <inlovewithgod@gmail.com> writes:

> This is still not working for me. An ethereal trace shows me trying to get a
> ticket for "krbtgt/.", which is really strange.
> Anybody tell me what I'm doing wrong?

Something goes horribly wrong when the libkrb5 code tries to do the cross
realm. Either the client does something stupid, or the KDC is acting up.

If the first paket going out from the client is a request for the
"krbtgt/.@CLIENTREALM", then its the client that is confused.

In that case, add a domain_realm mapping entry in krb5.conf on the client.

	.ldapdomain.com = LDAPREALM.COM

The first dot in the line i right, check manual page for krb5.conf for

If its the KDC, check the log and see what it tells you.


PGP signature