[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Easiest way to get service ticket after obtaining tgt


That did the job. Removing the "REALM.COM = ." fixed the problem!!!

Thanks a lot for everyone who has helped with his problem. I really appreciate it! :-)

  A very happy man,
 - Jeremiah

On 10/18/05, Love Hörnquist Åstrand <lha@kth.se > wrote:

Jeremiah Martell <inlovewithgod@gmail.com > writes:

> [capaths]
> REALM1.COM = {
>  REALM2.COM = .
> }
> REALM2.COM = {
>  REALM1.COM = .
> }

Try removing this section. Direct trust doesn't require [capaths] in
Heimdal (its implicit).

I think you configuration is wrong, see 4.13 Transit policy in the info
documentation on how to set up [capaths].

What breaks is how the code figure out the next realm to jump to, it takes
the first element of the list. I tried explained it like this in the info

> However the order is important when the `[capaths]' section is used to
> figure out the intermediate realm to go to when doing multi-realm
> transit. When figuring out the next realm, the first realm of the list
> of `PERMITTED-CROSS-REALMS' is chosen. This is done in both the client
> kerberos library and the KDC.


- Jeremiah