[23622] in Kerberos
Re: Solaris 9 Cross Realm Authentication Problems
daemon@ATHENA.MIT.EDU (Jeffrey Hutzelman)
Fri Apr 1 23:36:02 2005
Date: Fri, 01 Apr 2005 23:34:50 -0500
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: webmaster@litemail.org, kerberos@mit.edu
Message-ID: <5194F2F28886E59E917FAF02@sirius.fac.cs.cmu.edu>
In-Reply-To: <2189.66.27.208.74.1112412217.squirrel@light.litemail.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Errors-To: kerberos-bounces@mit.edu
On Friday, April 01, 2005 07:23:37 PM -0800 Darren Hoch
<webmaster@litemail.org> wrote:
> kadmin: lisprincs
> <snip>
> krbtgt/example1.com@EXAMPLE2.COM
> krbtgt/example2.com@EXAMPLE1.COM
> krbtgt/example1.com@EXAMPLE.COM
The second components of each of these principal names must exactly match
the name of the realm involved, including case. So, for example, for a
client in the EXAMPLE1.COM realm to authenticate to a service in the
EXAMPLE.COM realm, you need krbtgt/EXAMPLE.COM@EXAMPLE1.COM to exist. Of
course, it needs to exist in both realms and have the same key and kvno in
both places.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos