[31004] in Kerberos
RE: MIT Kerberos + Windows 2K3 AD Kerberos Cross-Realm TGT Issue
daemon@ATHENA.MIT.EDU (Jason D. McCormick)
Mon Apr 20 17:20:54 2009
X-Barracuda-Envelope-From: jasonmc@sei.cmu.edu
From: "Jason D. McCormick" <jasonmc@sei.cmu.edu>
To: "'kerberos@mit.edu'" <kerberos@mit.edu>
Date: Mon, 20 Apr 2009 17:20:00 -0400
Message-ID: <81BFFE1EFAD6894D9992C1B6D2A255B5CFEFFF2A75@EXCHANGE.sei.cmu.edu>
In-Reply-To: <B9BF119F687A824C8A49C4E4ED69576801618299@its-exchmb01.stanford.edu>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1789227080=="
Errors-To: kerberos-bounces@mit.edu
--===============1789227080==
Content-Language: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_0027_01C9C1DC.3C87FA00"
------=_NextPart_000_0027_01C9C1DC.3C87FA00
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
> On the trust problem, by default, Windows clients rely on the
> Active Directory to do the host-to-realm mappings. Do you have
> a top-level-name forward configured on the two-way external
> trust in AD? These are done automatically for Windows forest
> trusts, but not always for external trusts.
>
> (Trust needs to be forest transitive)
> Netdom trust AD.EXAMPLE2.COM /domain:EXAMPLE1.COM
> /AddTLN:EXAMPLE1.COM
You can only do this operation with the top-level forest root and
based on reading, we didn't think it would do anything. We went ahead
and defined a two-way external trust for AD-ROOT.EXAMPLE2.COM <->
EXAMPLE1.COM and added this trust type and it didn't have any affect.
Is there any additional documentation you're aware of that has
configuration directives that my force a trust at non-forest-level
domains?
- Jason
------=_NextPart_000_0027_01C9C1DC.3C87FA00
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIUkDCCBDow
ggMioAMCAQICAQUwDQYJKoZIhvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4g
R292ZXJubWVudDEMMAoGA1UECxMDRUNBMRYwFAYDVQQDEw1FQ0EgUm9vdCBDQSAyMB4XDTA4MDQw
NDE0MjQ0OVoXDTI4MDMzMDE0MjQ0OVowTTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292
ZXJubWVudDEMMAoGA1UECxMDRUNBMRYwFAYDVQQDEw1FQ0EgUm9vdCBDQSAyMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5DYHu+a7W5HsUZhRo2jVgicSjLHRfLSpKRmvn49l4Dv6ddr
6eDAO43i+BL6EzWkzVqGi7DQLzSM9wXth2+nMBfQFsZYRr2V+VYaiNROHn5YHxuicxWdXosGJBN2
PJ9gYq2wtfTgJMFT99kcNx3mPPD60/H5oZjxN4XYzwJg8KA4lEtRKAnCF/xApGF5DrSMGyCCYvXk
mtYpijb6H4HAoRExS/5W/di/UZMnWdr1gz5EpN/VIGfrnwCn+94xtmMxHD33HGwJjX/0upyofB8B
xoBtAQHYN6j+LX0rwsvW6Zy6lI12Ft7MgXUEe0F3FWUVyawAtr/rHNy5jWQt/zXbxQIDAQABo4IB
IzCCAR8wHQYDVR0OBBYEFO3kh9AnxFDmhDr3zPfrOkn8Uk4hMA4GA1UdDwEB/wQEAwIBhjAPBgNV
HRMBAf8EBTADAQH/MIHcBggrBgEFBQcBCwSBzzCBzDBDBggrBgEFBQcwBYY3aHR0cDovL2NybC5n
ZHMuZGlzYS5taWwvZ2V0SXNzdWVkQnk/RUNBJTIwUm9vdCUyMENBJTIwMjCBhAYIKwYBBQUHMAWG
eGxkYXA6Ly9jcmwuZ2RzLmRpc2EubWlsL2NuJTNkRUNBJTIwUm9vdCUyMENBJTIwMiUyY291JTNk
RUNBJTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVTP2Nyb3NzQ2VydGlmaWNhdGVQYWly
O2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEASswb54WIkyPZub7PuvE1lMFLPBNwXYMuTn7BVg8t
wX4fDend/gKZfGDjhqq5hiPDF37HEQ/j0EJWoxzzcI+xiJG1vA6JJWbIP182Kg4+tmdAjD1A36di
4DgY+iRtLSPTwLh0XpVEVHohlw9azcP8lT0iIhXdGGBdhTepTfeB/L1KpliMT7/HZaH/4tM0SBoX
ATLyhPPeBbJkSZg3zSH1qIFbZMXafFiwYWEfrcCt7TS2lKvHnOxllymFlJQzxDUkiz3N/Dcqu/qk
thuQ8pVXF0jg76mdrQDisWTZZ3kRg7ma6AsyNs4gZ+N6bUvqXlPlLzBB3fjlVJ2p12nGddlFRzCC
BOswggPToAMCAQICEEPv98mpmrBY/wMZiSWCqgwwDQYJKoZIhvcNAQEFBQAwgZkxCzAJBgNVBAYT
AlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0VDQTEiMCAGA1UECxMZQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdGllczE+MDwGA1UEAxM1VmVyaVNpZ24gQ2xpZW50IEV4dGVybmFs
IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDgxMjEwMDAwMDAwWhcNMDkxMjEwMjM1
OTU5WjCBjTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMD
RUNBMRcwFQYDVQQLEw5WZXJpU2lnbiwgSW5jLjEjMCEGA1UECxQaQ2FybmVnaWUgTWVsbG9uIFVu
aXZlcnNpdHkxGDAWBgNVBAMTD0phc29uIE1jQ29ybWljazCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA4FvQ3qNNgR2/fsrt9s6gjsrU2C2S621N8XFd9qCiz/IXfiiL8dNB/Yobt66ZLI91Wdg5
Xy+OpZyniOwQVDj16IK2QGEXIKKB3cAMbhLjnXDoLSqo/U4qUQS1DLsTfKMOej/PJomj+iFI5NBk
H5kLMYWS0/mGqFLeIZ1wqixoCeECAwEAAaOCAbswggG3MFEGA1UdHwRKMEgwRqBEoEKGQGh0dHA6
Ly9lY2EtY2xpZW50LWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25FQ0EyMDQ4L0xhdGVzdENSTC5j
cmwwDgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBTqx5HHHfy4CcttnqIIgufNJMb/djAfBgNVHSME
GDAWgBQNT8LF2hOQIhfdUFwK9CFL/HIoGjAeBgNVHREEFzAVgRNqYXNvbm1jQHNlaS5jbXUuZWR1
MIGABggrBgEFBQcBAQR0MHIwPwYIKwYBBQUHMAKGM2h0dHBzOi8vZWNhMjA0OC52ZXJpc2lnbi5j
b20vQ0EvVmVyaVNpZ25FQ0EyMDQ4LmNlcjAvBggrBgEFBQcwAYYjaHR0cDovL2VjYS1jbGllbnQt
b2NzcC52ZXJpc2lnbi5jb20wUgYDVR0gBEswSTBHBgpghkgBZQMCAQwBMDkwNwYIKwYBBQUHAgEW
K2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L2VjYS9jcHMwGwYDVR0JBBQwEjAQ
BggrBgEFBQcJBDEEEwJVUzANBgkqhkiG9w0BAQUFAAOCAQEAI6P5aPh6NFcn0cYthFK6U/O/eVzB
/OriwB0XONV+IpJHkou6FW5IqjOAcOF57giK0NpNDzW/trFHyyRd6sJGOlTbIU7+fv/MXKci0xOT
5BjUaeJhQOMb+IEBn5qfY1oS0BL67noS/clfvzRnOE1B3c2WpMfLRN9vVa8JxYzFBJLBzWqeC7Gh
UMP2UqGtqq0T2+9Ay6wXUxq6G1gz+PW4lW0SSlZoYHDMwPTaZMSa0KrCyEm/p3qEGhLbkij0rtAO
b3BEhelXi6Wq12cf+ia9XrmH2oHsMIBzpJj0fa3O14OCHl012uB0PcHDsnUJXDpZu5yAOcRgNrgd
8+eEYdlDijCCBW8wggRXoAMCAQICEBV+hQ+AEolEu5WJ07D08iAwDQYJKoZIhvcNAQEFBQAwgZkx
CzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0VDQTEiMCAG
A1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczE+MDwGA1UEAxM1VmVyaVNpZ24gQ2xpZW50
IEV4dGVybmFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDgxMjEwMDAwMDAwWhcN
MDkxMjEwMjM1OTU5WjCBjTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEM
MAoGA1UECxMDRUNBMRcwFQYDVQQLEw5WZXJpU2lnbiwgSW5jLjEjMCEGA1UECxQaQ2FybmVnaWUg
TWVsbG9uIFVuaXZlcnNpdHkxGDAWBgNVBAMTD0phc29uIE1jQ29ybWljazCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMMP18KGMddDbojXl3PV3Q6S+ZKDdrma2UOVT4/VXn52pusk96Du
yaZidrLqhi29VDYdJwbrRjvYTmuwGOAUZxFaUKjSpoIBKcMKT0gXR+S6V3h1azTqLCEcKXtGHLOk
kS5b8w4izHahKkC9NJB8Qc/jTykjD/35T0hRd+hucusJe39KW3TQjV2ZQwwe02k2YjfaB+PrblbU
+o2uKN1OiQqBGgZCnMT37fNVoqura3IfcsjGfZ3CAyqn/Kg1n06AoezZESYCwwycvwFF0yeOGbjr
9FVhEBS72ObVaNcaDb8Qn14Q5+YqWZ3a3RbtYucTBXa6P6gMDaJsjnrqEUdC3ocCAwEAAaOCAbsw
ggG3MFEGA1UdHwRKMEgwRqBEoEKGQGh0dHA6Ly9lY2EtY2xpZW50LWNybC52ZXJpc2lnbi5jb20v
VmVyaVNpZ25FQ0EyMDQ4L0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBQH
vhtHKPpHbiitw7GuTM8KJrwPDjAfBgNVHSMEGDAWgBQNT8LF2hOQIhfdUFwK9CFL/HIoGjAeBgNV
HREEFzAVgRNqYXNvbm1jQHNlaS5jbXUuZWR1MIGABggrBgEFBQcBAQR0MHIwPwYIKwYBBQUHMAKG
M2h0dHBzOi8vZWNhMjA0OC52ZXJpc2lnbi5jb20vQ0EvVmVyaVNpZ25FQ0EyMDQ4LmNlcjAvBggr
BgEFBQcwAYYjaHR0cDovL2VjYS1jbGllbnQtb2NzcC52ZXJpc2lnbi5jb20wUgYDVR0gBEswSTBH
BgpghkgBZQMCAQwBMDkwNwYIKwYBBQUHAgEWK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBv
c2l0b3J5L2VjYS9jcHMwGwYDVR0JBBQwEjAQBggrBgEFBQcJBDEEEwJVUzANBgkqhkiG9w0BAQUF
AAOCAQEAEKRKLoV7Hc0tgzhbFIVXTA130BmySTS2GJvVbblDnEjVP8+YbA857RVEMcg6eGGt3WsF
70iLcU297S60ZA/0Xc54eQ7HrZ7XP+SKGGQqZfEbF0reOC9/9C+9pVL8v/xCpG230WNQxJvBr3O/
lkZr+4aU5Ea/9ffPvQ3fo6wWoWjLB38si/LM08bm0LoMk8YmCXD62aGhrEfpjNnUm3r8nCkEbFwd
rYUrnF2aJ9YJQaZXDwU1wicnaYsxAGMuhh7ztcdz4sSCYcClFpsz5tfxK6JSTZ6Cw0qq3lupcNat
VHqdKXHjqBJ7Wv6yGcJJ5U+Rl5ocnQP/VrpNS3mufiOg4jCCBewwggTUoAMCAQICAQowDQYJKoZI
hvcNAQEFBQAwTTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UE
CxMDRUNBMRYwFAYDVQQDEw1FQ0EgUm9vdCBDQSAyMB4XDTA4MDcwMjE0NDExOFoXDTE0MDcwMTE0
NDExOFowgZkxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsT
A0VDQTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczE+MDwGA1UEAxM1VmVyaVNp
Z24gQ2xpZW50IEV4dGVybmFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8C57rjfKGaA2AJDjO5iF4XodgHbBf2g1wjmLii7yMBoxC
KybKk9OotZyJBxX+8Rj+D4PbVKBTuqCISY6pE3QkTubjoTzfFBDxZmNfqSNB8Y8/4ogPNHOQHXNn
zB5o7no3GBZf1I4TIxTLmcQuXup7fz5qjC0cBdLBMZS4hIuqR3YE87deifcwkp9x93wsdh9z8X6S
LPPCsan9rT9Hkj91SCOAs6QksAKqpYy3VkXHn3wCAoGxcekKT7MjLb8ruSUZiWG2IfbpiS8Nb5DB
Bpdhi2w9vM8jinpNML16qXoLWmMsLxgOT0sdTKgI8XZAIIxVNge3aTXp1KeW/K+12dkXAgMBAAGj
ggKIMIIChDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAtBgNVHREEJjAkpCIw
IDEeMBwGA1UEAxMVUHJpdmF0ZUxhYmVsNC0yMDQ4LTgxMB0GA1UdDgQWBBQNT8LF2hOQIhfdUFwK
9CFL/HIoGjAfBgNVHSMEGDAWgBTt5IfQJ8RQ5oQ698z36zpJ/FJOITAzBgNVHSAELDAqMAwGCmCG
SAFlAwIBDAEwDAYKYIZIAWUDAgEMAjAMBgpghkgBZQMCAQwDMIHIBgNVHR8EgcAwgb0wNKAyoDCG
Lmh0dHA6Ly9jcmwuZGlzYS5taWwvZ2V0Y3JsP0VDQSUyMFJvb3QlMjBDQSUyMDIwgYSggYGgf4Z9
bGRhcDovL2NybC5nZHMuZGlzYS5taWwvY24lM2RFQ0ElMjBSb290JTIwQ0ElMjAyJTJjb3UlM2RF
Q0ElMmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVM/Y2VydGlmaWNhdGVSZXZvY2F0aW9u
TGlzdDtiaW5hcnkwge4GCCsGAQUFBwEBBIHhMIHeMD8GCCsGAQUFBzAChjNodHRwOi8vY3JsLmRp
c2EubWlsL2dldElzc3VlZFRvP0VDQSUyMFJvb3QlMjBDQSUyMDIwgZoGCCsGAQUFBzAChoGNbGRh
cDovL2NybC5nZHMuZGlzYS5taWwvY24lM2RFQ0ElMjBSb290JTIwQ0ElMjAyJTJjb3UlM2RFQ0El
MmNvJTNkVS5TLiUyMEdvdmVybm1lbnQlMmNjJTNkVVM/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnksY3Jv
c3NDZXJ0aWZpY2F0ZVBhaXI7YmluYXJ5MA0GCSqGSIb3DQEBBQUAA4IBAQCyXkDOC2RHPINhBWp6
cYImKaOZa6LAxmw3HGz14s7m1qvgLEXcKJkVX8SzjC8mmVFrNsNgCb+8i9+WzQjilnQAk49311PJ
IVbVeQbAjUngT9c2r3+4Y0KVWJHo6ZghvAzGxqye5gupmpKpnf0v1Sox1c5v4g19zCoSEurI6EhI
FNioTOUihSdLfHqGdQeZKZZ3xq9cgJ2FyjyU0FZ1np7u7zQSvbtCwtV3bH5qMCbXC4YlPH+N17Kf
/77t0v/U4P0xytizLUewGA0hYD9vmGsD6kPxJUiGaB1CUH20ygL7I19efJF7J2NsLx9lnTDKR5o+
xr4pCMP7T/+8Pf7sHuphMYID4zCCA98CAQEwga4wgZkxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9V
LlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0VDQTEiMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRo
b3JpdGllczE+MDwGA1UEAxM1VmVyaVNpZ24gQ2xpZW50IEV4dGVybmFsIENlcnRpZmljYXRpb24g
QXV0aG9yaXR5IC0gRzICEBV+hQ+AEolEu5WJ07D08iAwCQYFKw4DAhoFAKCCAgkwGAYJKoZIhvcN
AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMDkwNDIwMjEyMDAwWjAjBgkqhkiG9w0B
CQQxFgQUOVs+Q5eGMgmGUzq+vZToROsNVPAwJAYJKoZIhvcNAQkPMRcwFTAKBggqhkiG9w0DBzAH
BgUrDgMCGjCBvwYJKwYBBAGCNxAEMYGxMIGuMIGZMQswCQYDVQQGEwJVUzEYMBYGA1UEChMPVS5T
LiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNFQ0ExIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9y
aXRpZXMxPjA8BgNVBAMTNVZlcmlTaWduIENsaWVudCBFeHRlcm5hbCBDZXJ0aWZpY2F0aW9uIEF1
dGhvcml0eSAtIEcyAhBD7/fJqZqwWP8DGYklgqoMMIHBBgsqhkiG9w0BCRACCzGBsaCBrjCBmTEL
MAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRUNBMSIwIAYD
VQQLExlDZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMT4wPAYDVQQDEzVWZXJpU2lnbiBDbGllbnQg
RXh0ZXJuYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMgIQQ+/3yamasFj/AxmJJYKqDDAN
BgkqhkiG9w0BAQEFAASCAQA//5fbdZq2aVy/AqhMuPRmBJQih5Dax5FeDacT3bTwhqm8PK4p8ikx
XZJ+yEdU/7J5qAOvw3JSqkseniBS+gppJ9bEHobjzuTACNnOHOSlK0ngaUSnOniJm7KqAXL7iz8r
2qljTu1kJF4hEXRQnGXq7qQufcS5Vw7M2vPKavoVaeDEAjZenADLZ01iHlo9HHm062tRoT2LZDon
ytU2z4kG/7d0vP6wxnn7QwDKL9/Jub3VrbwAgXPaikzrPvPqp7RCKYXctaQ62PbWy3KNXb3fZy+z
fiR3aMxsMFL33l5EeVsuDw13CNOL7/GYZ7zmhP6EZS7SISnTgAhKACDwYN4YAAAAAAAA
------=_NextPart_000_0027_01C9C1DC.3C87FA00--
--===============1789227080==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1789227080==--
