
Re: Easiest way to get service ticket after obtaining tgt



My krb5.conf has such lines already. I believe it's my client because another program (a Java Kerberos application) can successfully do what I'm attempting with the same krb5.conf file and same user@realm and ldap/server@server attributes.

Any ideas?

   Thanks,
  - Jeremiah
 inlovewithGod@gmail.com

On 10/14/05, Love Hörnquist Åstrand <lha@kth.se> wrote:

Jeremiah Martell <inlovewithgod@gmail.com> writes:

> This is still not working for me. An ethereal trace shows me trying to get a
> ticket for "krbtgt/.", which is really strange.
>
> Anybody tell me what I'm doing wrong?

Something goes horribly wrong when the libkrb5 code tries to do the cross
realm. Either the client does something stupid, or the KDC is acting up.

If the first packet going out from the client is a request for the
"krbtgt/.@CLIENTREALM", then it's the client that is confused.

In that case, add a domain_realm mapping entry in krb5.conf on the client.

[domain_realm]
        .ldapdomain.com = LDAPREALM.COM

The first dot in the line is right, check manual page for krb5.conf for
explanation.

If it's the KDC, check the log and see what it tells you.

Love






--
- Jeremiah
inlovewithGod@gmail.com
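
Added example, not part of the original thread and not Heimdal or MIT code: a simplified model of how a [domain_realm] key is matched against a service host name, showing why the leading dot in the suggested entry matters. The host name server.ldapdomain.com, the kdc.clientdomain.com entry and the lookup order used here (exact name first, then each parent domain with a leading dot) are assumptions of this sketch; the krb5.conf manual page for your library has the exact rules.

```python
# Constructed sample config; only the .ldapdomain.com line comes from the thread.
SAMPLE_CONF = """\
[libdefaults]
        default_realm = CLIENTREALM.COM

[domain_realm]
        .ldapdomain.com = LDAPREALM.COM
        kdc.clientdomain.com = CLIENTREALM.COM
"""


def parse_domain_realm(text):
    """Return {host-or-.domain: REALM} from the [domain_realm] section."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comment lines
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping


def candidates(hostname):
    """Keys tried for a host: exact name, then each parent domain with a leading dot."""
    host = hostname.lower().rstrip(".")
    keys = [host]
    idx = host.find(".")
    while idx != -1:
        keys.append(host[idx:])              # e.g. ".ldapdomain.com"
        idx = host.find(".", idx + 1)
    return keys


def host_realm(hostname, mapping):
    """Realm for a service host, or None when no entry matches (assumed model)."""
    for key in candidates(hostname):
        if key in mapping:
            return mapping[key]
    return None


if __name__ == "__main__":
    realms = parse_domain_realm(SAMPLE_CONF)
    for host in ("server.ldapdomain.com", "kdc.clientdomain.com", "other.example.org"):
        print(host, "->", host_realm(host, realms))
```

In this model an entry written without the leading dot (`ldapdomain.com = LDAPREALM.COM`) matches only a host with exactly that name, so `server.ldapdomain.com` would get no realm from it.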