[29821] in Kerberos
krb5 RHEL 5.1 and NetworkManager
daemon@ATHENA.MIT.EDU (neelsmail@rediffmail.com)
Tue May 13 14:47:39 2008
From: neelsmail@rediffmail.com
Date: Tue, 13 May 2008 05:23:41 -0700 (PDT)
Message-ID: <70c09d06-61f5-4b20-837b-b1b7208cd135@u12g2000prd.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I am _very_ new to kerberos AND Linux. But here is what I am trying to
do:
- I have Windows 2003 SP1 server which is acting as Domain Controller
(KDC I believe).
- I have Linux RHEL 5.1 which is trying to authenticate the added
service principal.
The problem: Every time I run the "kinit" command, like the one given
below, in the context of Active Directory user I have logged in as, it
pops up krb5-auth-dialog where I have to enter the credentials,
_everytime_.
Command: kinit /S host/AnotherXpHost.MyDomain.com -k -t /etc/
MyKeyTab.keytab ServicePrincipalName
What I observed is before I run "kinit" command, klist (just "klist"
without any argument), list that the current ticket avaiable is krbtgt/
MyDomain.com@MyDomain.com
When the above mentioned "kinit" command is completed and I run
"klist" it shows that, it is replaced with ticket for host/
AnotherXpHost.MyDomain.com@MyDomain.com
Now, the password authentication dialog (krb5-auth-dialog) shows up.
If I enter correct credentials now, and run klist, it again will
display that ticket available right now is for krbtgt/
MyDomain.com@MyDomain.com
Is it that the "kinit" I am running should _add_ instead of replacing
the ticket? or should I run "kinit" command with krbtgt _always_?
Thanks in advance,
Neel.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
