[31451] in Kerberos


Re: Kerberos service ticket issue!!!

daemon@ATHENA.MIT.EDU (Priya B)
Fri Sep 4 15:27:50 2009

From: Priya B <priya9907@gmail.com>
Date: Fri, 4 Sep 2009 07:15:41 -0700 (PDT)
Message-ID: <a974ac03-b8e0-423d-98f2-cc76ca437fee@x37g2000yqj.googlegroups.com>
To: kerberos@mit.edu
Cc: srini.csit@gmail.com

Thank you so much for your response!

We modified the krb5.conf file (as below) and also switched from UDP
to TCP. Now we're not getting any errors in the trace. But still we
don't get the service ticket (same exception). In the trace for some
reason, after the client gets the TGS response, the client closes the
TCP connection, and never tries to get a service ticket. It is not
querying regarding the service at all.

Anyway, below are some answers to your questions:

What version of Java?
>>> 1.6


Do you have cross realm setup between the two realms?
>>> It should be there, because we have another application (based on SSPI) using which we are able to sign in to the same service.


Do you have the krb5.conf on the client setup for cross realm?
>>> We have. Below is the conf file. Do let us know if it needs any corrections.

--------------------------------------------------------------


[libdefaults]
udp_preference_limit = 1
	default_realm = REALM1.COM
    dns_lookup_kdc = true
[realms]
	REALM1.COM = {
                kdc = host1.realm1.com
		default_domain = realm1.com

       }

REALM2.COM = {

    realm_type   = WINNTv1

    ENC_TYPES_LIST = RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC


    kdc = {

       name = host2.realm2.com
       default_domain = .realm2.com

       protocol = TCP

 }

  }



[domain_realm]
.realm1.com = REALM1.COM
.realm2.com =REALM2.COM




[capaths]
REALM1.COM = {
REALM2.COM = .
}

REALM2.COM  = {
 REALM1.COM = .
}


[logging]


--------------------------------------------------------------

Is one or both of the realms Windows AD?
>>> Shall confirm that soon.


You appear to have done some tracing, but have not said where you are
seeing these messages or how far along the process of getting tickets
has gotten. i.e. client to client's KDC or client to server's KDC.
>>> client to client's KDC



________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
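
An added example, not part of the original message or of any Kerberos implementation: a small Python lint that walks the [realms] section as posted above and lists entries that fall outside the relations the MIT krb5.conf documentation defines for a realm. The KNOWN_REALM_KEYS subset and the name lint_realms are assumptions of this example, and it does not model how the Java 1.6 parser treats these entries.

```python
import re

# Subset of [realms] relations from the MIT krb5.conf docs (assumption, not exhaustive).
KNOWN_REALM_KEYS = {"kdc", "admin_server", "master_kdc", "kpasswd_server",
                    "default_domain", "auth_to_local", "auth_to_local_names"}

# Constructed sample: the [realms] section from the message, re-indented.
SAMPLE = """
[realms]
REALM1.COM = {
    kdc = host1.realm1.com
    default_domain = realm1.com
}
REALM2.COM = {
    realm_type = WINNTv1
    ENC_TYPES_LIST = RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC
    kdc = {
        name = host2.realm2.com
        default_domain = .realm2.com
        protocol = TCP
    }
}
"""

def lint_realms(text):
    """Return (realm, key, reason) findings for the [realms] section."""
    findings, section, stack = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                      # new top-level section
            section, stack = header.group(1), []
        elif line == "}":               # close the innermost subsection
            stack = stack[:-1]
        else:
            key, _, value = (part.strip() for part in line.partition("="))
            if section == "realms" and stack:
                if len(stack) > 1:      # inside a subsection of a realm entry
                    findings.append((stack[0], key, "nested under " + stack[-1]))
                elif key not in KNOWN_REALM_KEYS:
                    findings.append((stack[0], key, "unknown relation"))
                elif value == "{":      # known relation given a block, not a value
                    findings.append((stack[0], key, "subsection, not a value"))
            if value == "{":
                stack.append(key)
    return findings
```

Calling lint_realms(SAMPLE) returns six findings, all under REALM2.COM, and none for REALM1.COM.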
