Cross-Realm forwardable tickets

Matt Crawford crawdad at fnal.gov
Fri Mar 8 13:22:47 EST 2002


Philippe Perrin wrote:
> The telnet is successful, but no ticket was forwarded !
> If I exit the telnet and list the tickets, I can see :
> - the initial TGT : krbtgt/R1 at R1 (forwardable)
> - the second TGT : krbtgt/R2 at R1 (non-forwardable)
> - the service ticket : host/some.host at R2 (non-forwardable)
> I guess the problem is that the second TGT is not forwardable. How can I
> force this ?

I bet the admin of R1 has to set the "forwardable" flag on krbtgt/R2 at R1.



More information about the Kerberos mailing list