[2273] in Kerberos-V5-bugs
krb5-admin/39: kprop is expecting authentication to wrong principle
daemon@ATHENA.MIT.EDU (klmitch@MIT.EDU)
Fri Sep 27 15:34:41 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: bjaspan@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, klmitch@MIT.EDU
Date: Fri, 27 Sep 1996 15:32:30 -0400
From: klmitch@MIT.EDU
Reply-To: klmitch@MIT.EDU
To: krb5-bugs@MIT.EDU
>Number: 39
>Category: krb5-admin
>Synopsis: kprop is expecting authentication to wrong principle
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bjaspan
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri Sep e 15:33:00 EDT 1996
>Last-Modified:
>Originator: Kevin L Mitchell
>Organization:
mit
>Release: 1.0-development
>Environment:
System: SunOS starkiller 5.4 Generic_101945-37 sun4m sparc
>Description:
kpropd always expects authentication to the machine's default realm
as specified in [domain_realms], even when given the -r option to specify
another realm. This might be a problem if a site, which has one realm, also
maintains a Kerberos realm for another site on a separate KDC from their
internal one. kprop does authenticate to the "expected" principle.
>How-To-Repeat:
I set up a V5 server inside the Athena realm and attempted to
propagate to another machine, again in the Athena realm. I was at first
confused by the error message and thought kprop was at fault, but it was
kpropd, which was expecting authentication to itself in the Athena realm,
whereas kprop was attempting for the Zone realm.
>Fix:
>Audit-Trail:
>Unformatted:
