kinit -S host/hostname.domain.com@REALM doesnot send TGS Request
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Mar 29 00:09:30 EST 2002
>When we use kinit to get the service ticket for a host, then it will not
>send TGS_REQ but sends AS_REQ to the KDC.
>
>
>$ ./kinit -S host/sonata-sparc.cybssl.com at SONHP3TEST.COM
>Password for csri at SONHP3TEST.COM:
Yes, that's correct. It's supposed to. Note that I suspect you're
misunderstanding the use of the -S flag ... it's usually used for
those rare cases when you want to get a service ticket for a service
that has been explicitly disabled from being gotten by a TGS_REQ
(like kadmin/admin, for example).
If you're trying to test Kerberos, you should try an application like
Kerberos telnet/rlogin/ftp; those will use TGS_REQ to acquire service
tickets without prompting for a password.
--Ken
More information about the Kerberos
mailing list