kinit -S host/hostname.domain.com@REALM doesnot send TGS Requ est
Srinivas Cheruku
csri at sonata-software.com
Fri Mar 29 00:26:24 EST 2002
>
>>When we use kinit to get the service ticket for a host, then
>it will not
>>send TGS_REQ but sends AS_REQ to the KDC.
>>
>>
>>$ ./kinit -S host/sonata-sparc.cybssl.com at SONHP3TEST.COM
>>Password for csri at SONHP3TEST.COM:
>
>Yes, that's correct. It's supposed to. Note that I suspect you're
>misunderstanding the use of the -S flag ... it's usually used for
>those rare cases when you want to get a service ticket for a service
>that has been explicitly disabled from being gotten by a TGS_REQ
>(like kadmin/admin, for example).
>
>If you're trying to test Kerberos, you should try an application like
>Kerberos telnet/rlogin/ftp; those will use TGS_REQ to acquire service
>tickets without prompting for a password.
I was under the impression that, kinit -S is given as an option to test the
host principal by sending a request to TGS to get a service ticket instead
of using telnet/rloign/ftp.
Thanks for the information.
Srini
>
>--Ken
>
*********************************************************************
Disclaimer: The information in this e-mail and any attachments is
confidential / privileged. It is intended solely for the addressee or
addressees. If you are not the addressee indicated in this message, you may
not copy or deliver this message to anyone. In such case, you should destroy
this message and kindly notify the sender by reply email. Please advise
immediately if you or your employer does not consent to Internet email for
messages of this kind.
*********************************************************************
More information about the Kerberos
mailing list