Cross-Realm forwardable tickets

Philippe Perrin philippeperrin at yahoo.com
Thu Mar 7 13:07:28 EST 2002


Hello

With Heimdal, I authenticate on a realm R1, and I wish to log on a realm R2
(which trusts R1) with ticket-forwarding (at least the TGT for R2). I run
the following commands :

kinit -f user at R1
telnet -l user -a -F some.host

The telnet is successful, but no ticket was forwarded !
If I exit the telnet and list the tickets, I can see :
- the initial TGT : krbtgt/R1 at R1 (forwardable)
- the second TGT : krbtgt/R2 at R1 (non-forwardable)
- the service ticket : host/some.host at R2 (non-forwardable)
I guess the problem is that the second TGT is not forwardable. How can I
force this ?

Thank you !

Philippe





More information about the Kerberos mailing list