[33051] in Kerberos
Re: Cross realm authentication
daemon@ATHENA.MIT.EDU (Frank Cusack)
Wed Jan 5 13:51:01 2011
Date: Wed, 05 Jan 2011 09:50:00 -0800
From: Frank Cusack <frank@linetwo.net>
To: krbmit siso <krbmit@gmail.com>
Message-ID: <F675173F314708E67A39AF1E@cusack.local>
In-Reply-To: <AANLkTindx-U5FvDGFqx5ADASNpa_im33M0st9PeHLmaW@mail.gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 1/5/11 2:53 PM +0530 krbmit siso wrote:
> *Server Principal Names in TGS-REQ.*
> Padata field -> Contents in the TICKET which is visible
> Tkt-vno: 5
> Realm: realm1.com
> Server Name (Principal): krbtgt/realm2.com
> Kdc-Req-body->
> Realm: REALM2.COM <http://realm2.com/>
> Server Name (Principal): ldap/
> win2003.realm2.com <http://win2003dpdnic.realm2.com/>
That looks wrong. I see krbtgt/realm2.com but the realm is actually
REALM2.COM? You have a case mismatch.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
