[37292] in Kerberos
Re: Incremental propagation when KDCs are clients of a different realm
daemon@ATHENA.MIT.EDU (Toby Blake)
Mon Nov 2 11:51:16 2015
Mime-Version: 1.0
From: Toby Blake <toby@inf.ed.ac.uk>
In-Reply-To: <F4C4E7CE-B107-4C1D-8959-F42F2118BA04@inf.ed.ac.uk>
Date: Mon, 2 Nov 2015 16:50:58 +0000
Message-Id: <903877A9-C049-42F4-B7CA-93083D50A252@inf.ed.ac.uk>
To: kerberos@mit.edu
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> I'll play around a little more and report back.
Still the same. This is what I see on the master...
Nov 02 15:23:29 cardus.our.realm kadmind[25047](Notice): Cannot decrypt ticket for kiprop/cardus.our.realm@OUR.REALM using keytab key for kadmin/changepw@TEST.OUR.REALM
cardus.our.realm is the master - it's a client of OUR.REALM but is a master KDC
for TEST.OUR.REALM
The kiprop principals have to be in OUR.REALM, not TEST.OUR.REALM
Cheers
Toby
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
