[29376] in Kerberos

home help back first fref pref prev next nref lref last post

Principle name mappings question

daemon@ATHENA.MIT.EDU (Ben W Young)
Wed Feb 27 20:12:56 2008

Date: Thu, 28 Feb 2008 12:11:48 +1100
From: Ben W Young <ben.w.young@det.nsw.edu.au>
To: <kerberos@mit.edu>
Message-ID: <C3EC5584.FFAB%ben.w.young@det.nsw.edu.au>
In-Reply-To: <f0fiul$7qs$1@sea.gmane.org>
Mime-version: 1.0
Cc: Macenterprise <macenterprise@lists.psu.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi,

I am very new to Kerberos authentication and am having problems with getting
a ticket for a users on multiple AD Realms.
The client OS is OS X 10.4.x and using LDAP Mappings and /etc/authorization
for kerb ticket at login window.

The user names are like this:
firstname.lastname@DOM1
firstname.lastname@DOM2

This is what my edu.mit.kerberos file looks like:

[libdefaults]
        default_realm = DOM1.WIN
        
 DOM1.WIN = {
                admin_server = server1.dom1.win.:749
                kdc = server1.dom1.win.:88
}
 DOM2.WIN = {
                admin_server = server1.dom2.win.:749
                kdc = server1.dom2.win.:88

The first thing is that I don't believe @DOM1 is mapping to the DOM1.WIN and
it just defaults to DOM1.WIN in the edu.mit.kerberos file.  As a consequence
this user (firstname.lastname@DOM1) gets a ticket.
So when firstname.lastname@DOM2 try's it cant resolve to DOM2 to it defaults
to DOM1.WIN in the edu.mit.kerberos file and fails to get a ticket
 
Does anyone have any ideas on the way forward here? I am really stuck!

Any help would be much appreciated!

Ben W Young
Technology Services Administrator
ben.w.young@det.nsw.edu.au




**********************************************************************
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**********************************************************************
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post