[32257] in Kerberos
Generic question regarding service principal required to access a
daemon@ATHENA.MIT.EDU (Elia Pinto)
Mon Apr 12 15:45:09 2010
MIME-Version: 1.0
Date: Fri, 9 Apr 2010 17:44:08 +0200
Message-ID: <k2x4df72b1a1004090844r75eed71dkbb3f55489938e489@mail.gmail.com>
From: Elia Pinto <gitter.spiros@gmail.com>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi to all
I'm trying to do a ftp logon from a linux client (RHEL 5.4)
authenticated via kerberos to an AD (Active Directory) domain to a KDC
MVS RACF (SAF mode and nokeytab) in cross-domain realm trust with the
AD.
The ftp client I'm using is which is distributed by kerberos MIT on
RHEL (krb-workstation 1.6.1-36 rpm).
I can get a TGS ftp /<KDC MVS hostname>@< KDC MVS REALMS> but it seems
that the client also requests a TGS host /<KDC MVS hostname>@< KDC MVS
REALMS> but this one is not defined on the KDC MVS and so the ftp
client logon fail.
The question is now if it is really need for a service like ftp to
also have as a principal host/<KDC MVS hostname>@< KDC MVS REALMS>?
RFC 2228 is unclear on this point.
Thanks in advance.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
