Cross-Realm forwardable tickets
Philippe Perrin
philippeperrin at yahoo.com
Thu Mar 7 13:07:28 EST 2002
Hello
With Heimdal, I authenticate on a realm R1, and I wish to log on a realm R2
(which trusts R1) with ticket-forwarding (at least the TGT for R2). I run
the following commands :
kinit -f user at R1
telnet -l user -a -F some.host
The telnet is successful, but no ticket was forwarded !
If I exit the telnet and list the tickets, I can see :
- the initial TGT : krbtgt/R1 at R1 (forwardable)
- the second TGT : krbtgt/R2 at R1 (non-forwardable)
- the service ticket : host/some.host at R2 (non-forwardable)
I guess the problem is that the second TGT is not forwardable. How can I
force this ?
Thank you !
Philippe
More information about the Kerberos
mailing list