[32255] in Kerberos
Re: Generic question regarding service principal required to access a
daemon@ATHENA.MIT.EDU (Elia Pinto)
Sat Apr 10 05:28:24 2010
MIME-Version: 1.0
In-Reply-To: <k2x4df72b1a1004090844r75eed71dkbb3f55489938e489@mail.gmail.com>
Date: Sat, 10 Apr 2010 10:28:09 +0100
Message-ID: <v2n4df72b1a1004100228g6cb4326mcec91bdcf3b759f0@mail.gmail.com>
From: Elia Pinto <gitter.spiros@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Sorry if repost but i am not sure this mail was received.
Hi to all
I'm trying to do a ftp logon from a linux client (RHEL 5.4)
authenticated via kerberos to an AD (Active Directory) domain to a KDC
MVS RACF (SAF mode and nokeytab) in cross-domain realm trust with the
AD.
The ftp client I'm using is which is distributed by kerberos MIT on
RHEL (krb-workstation 1.6.1-36 rpm).
I can get a TGS ftp /<KDC MVS hostname>@< KDC MVS REALMS> but it seems
that the client also requests a TGS host /<KDC MVS hostname>@< KDC MVS
REALMS> but this one is not defined on the KDC MVS and so the ftp
client logon fail.
The question is now if it is really need for a service like ftp to
also have as a principal host/<KDC MVS hostname>@< KDC MVS REALMS>?
RFC 2228 is unclear on this point.
Thanks in advance.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
