[32442] in Kerberos
Re: Getting two service principals, one of them with an empty realm
daemon@ATHENA.MIT.EDU (Tom Yu)
Tue Jun 8 21:57:32 2010
To: Rahul Amaram <rahul@synovel.com>
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 08 Jun 2010 21:57:21 -0400
In-Reply-To: <4C0DF639.5080600@synovel.com> (Rahul Amaram's message of "Tue,
08 Jun 2010 13:20:17 +0530")
Message-ID: <ldv631t6k8u.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Rahul Amaram <rahul@synovel.com> writes:
> Hi,
> I did not get any response for this query. If nobody has an idea, I was
> planning to submit this a bug report. Looking forward to a response.
>
> Thanks,
> Rahul.
>
> On Wednesday 02 June 2010 11:59 AM, Rahul Amaram wrote:
>> Hi,
>> I am strangely getting two service principals for every service I use
>> and one of them has an empty realm. Below is a sample output.
>>
>> $ klist
>> Ticket cache: FILE:/tmp/krb5cc_1001_Xc3DVv
>> Default principal: xxxxxx@SYNOVEL.COM
>>
>> Valid starting Expires Service principal
>> 06/02/10 11:45:07 06/02/10 21:45:07 krbtgt/SYNOVEL.COM@SYNOVEL.COM
>> renew until 06/03/10 11:44:57
>> 06/02/10 11:45:27 06/02/10 21:45:07 imap/scs.synovel.com@
>> renew until 06/03/10 11:44:57
>> 06/02/10 11:45:27 06/02/10 21:45:07 imap/scs.synovel.com@SYNOVEL.COM
>> renew until 06/03/10 11:44:57
This is expected behavior that is a side effect of the way that
service principal realm referrals work. The empty realm name
indicates that the realm of the principal is unknown. A copy of the
ticket is present in the cache under its actual service principal name
and realm to allow both referral and non-referral lookups to work.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
