Cross-Realm forwardable tickets

Philippe Perrin philippeperrin at yahoo.com
Fri Mar 8 18:18:53 EST 2002


Well, R1 is actually a Windows 2000 realm... do you know how to achieve this
?
Or maybe, could there be a simple solution, using a particular configuration
on the client side ?

Thanks for your help

Philippe

"Matt Crawford" <crawdad at fnal.gov> a écrit dans le message de news:
3C890177.F0596413 at fnal.gov...
> Philippe Perrin wrote:
> > The telnet is successful, but no ticket was forwarded !
> > If I exit the telnet and list the tickets, I can see :
> > - the initial TGT : krbtgt/R1 at R1 (forwardable)
> > - the second TGT : krbtgt/R2 at R1 (non-forwardable)
> > - the service ticket : host/some.host at R2 (non-forwardable)
> > I guess the problem is that the second TGT is not forwardable. How can I
> > force this ?
>
> I bet the admin of R1 has to set the "forwardable" flag on krbtgt/R2 at R1.





More information about the Kerberos mailing list