[30479] in Kerberos
RE: Trouble with service principal missing its realm
daemon@ATHENA.MIT.EDU (Tim Alsop)
Thu Nov 27 04:30:09 2008
From: Tim Alsop <Tim.Alsop@CyberSafe.com>
To: "jaltman@secure-endpoints.com" <jaltman@secure-endpoints.com>
Date: Thu, 27 Nov 2008 09:26:15 +0000
Message-ID: <1A136DCE57F98F4B8BAB5FFC69C8E6DA21E4902A10@exchange.cybersafe.local>
In-Reply-To: <492E61C9.6020406@secure-endpoints.com>
Content-Language: en-US
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Jeffrey,
Regarding:
> A service ticket in the credential cache without a realm name
> is a service ticket that was obtained using server side referrals.
> The actual realm name was not specified by the client when
> requesting the service ticket.
[Tim Alsop] Is the fact that there is no realm, a bug, or is the cache supposed to contain tickets without a realm in this scenario ? Surely if actual realm was not specified, when the actual realm is determined by KDC, and ticket issued, this realm should be used when putting the ticket in the client cache ? if not, why not ?
Thanks,
Tim
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
