[31451] in Kerberos
Re: Kerberos service ticket issue!!!
daemon@ATHENA.MIT.EDU (Priya B)
Fri Sep 4 15:27:50 2009
From: Priya B <priya9907@gmail.com>
Date: Fri, 4 Sep 2009 07:15:41 -0700 (PDT)
Message-ID: <a974ac03-b8e0-423d-98f2-cc76ca437fee@x37g2000yqj.googlegroups.com>
To: kerberos@mit.edu
Cc: srini.csit@gmail.com
Thank you so much for your response!
We modified the krb5.conf file (as below) and also switched from UDP
to TCP. Now we're not getting any errors in the trace. But still we
don't get the service ticket (same exception). In the trace for some
reason, after the client gets the TGS response, the client closes the
TCP connection, and never tries to get a service ticket. It is not
querying regarding the service at all.
Anyway, below are some answers to your questions:
What version of Java?
>>> 1.6
Do you have cross realm setup between the two realms?
>>> It should be there, because we have another application (based on SSPI) using which we are able to sign in to the same service.
Do you have the krb5.conf on the client setup for cross realm?
>>> We have. Below is the conf file. Do let us know if it needs any corrections.
--------------------------------------------------------------
[libdefaults]
    udp_preference_limit = 1
    default_realm = REALM1.COM
    dns_lookup_kdc = true
[realms]
    REALM1.COM = {
        kdc = host1.realm1.com
        default_domain = realm1.com
    }
    REALM2.COM = {
        realm_type = WINNTv1
        ENC_TYPES_LIST = RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC
        kdc = {
            name = host2.realm2.com
            default_domain = .realm2.com
            protocol = TCP
        }
    }
[domain_realm]
    .realm1.com = REALM1.COM
    .realm2.com = REALM2.COM
[capaths]
    REALM1.COM = {
        REALM2.COM = .
    }
    REALM2.COM = {
        REALM1.COM = .
    }
[logging]
--------------------------------------------------------------
Is one or both of the realms Windows AD?
>>> Shall confirm that soon.
You appear to have done some tracing, but have not said where you are
seeing these messages or how far along the process of getting tickets
has gotten. i.e. client to client's KDC or client to server's KDC.
>>> client to client's KDC
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
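
As an added example (not part of the original post, and not the parser used by MIT Kerberos or Java), a small Python check of the posted file's structure: it parses sections and nested braces, then flags realms whose `kdc` is a braced subsection rather than the `host[:port]` value that MIT's krb5.conf documentation describes, and realms with no `[domain_realm]` mapping. The function names and the reduced sample are constructed for illustration.

```python
import re

# Constructed sample: the realm layout from the post above, cut down to the
# entries the two checks look at.
SAMPLE = """[libdefaults]
default_realm = REALM1.COM
[realms]
REALM1.COM = {
kdc = host1.realm1.com
}
REALM2.COM = {
kdc = {
name = host2.realm2.com
protocol = TCP
}
}
[domain_realm]
.realm1.com = REALM1.COM
.realm2.com =REALM2.COM
"""

def parse_krb5_conf(text):
    """Sections and nested { } blocks become dicts; a repeated key keeps its last value."""
    root, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        section = re.fullmatch(r"\[(\w+)\]", line)
        if section:
            stack = [root.setdefault(section.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack and line[0] not in "#;":
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                child = stack[-1][key] = {}
                stack.append(child)
            else:
                stack[-1][key] = value
    return root

def lint_cross_realm(conf):
    """Return findings about the entries a client needs to locate each realm's KDC."""
    findings = []
    realms = conf.get("realms", {})
    mapped = set(conf.get("domain_realm", {}).values())
    for name, body in realms.items():
        if not isinstance(body, dict) or not isinstance(body.get("kdc"), str):
            findings.append(f"{name}: kdc is not a plain host[:port] value")
        if name not in mapped:
            findings.append(f"{name}: no [domain_realm] mapping")
    return findings
```

On the sample, `lint_cross_realm(parse_krb5_conf(SAMPLE))` reports only the braced `kdc` entry under REALM2.COM.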