ksu: Incorrect net address while geting credentials from kdc

Sat Nov 2 19:19:11 EST 2002

OK, that's good to hear, thanks.

Is there something wrong too with the way a ticket with an address get
forwarded, i.e., the ticket only having the address I used for telnet, and
not the addresses of the other interfaces I would see if I did a kinit to
get the ticket.

The forwarded ticket only has one address in it, but if I kinit it has
several.  

It's like the ticket needs the hostname interface address for ksu to work;
ksu only works if I kinit and don't use a forwarded ticket.

I guess when the forwarded ticket gets created, we don't know what the other
interfaces are, unlike kinit does?

Is there something I'm not doing, or a way around this?

Thanks,
Kevin

-----Original Message-----
From: Sam Hartman [mailto:hartmans at mit.edu]
Sent: Saturday, November 02, 2002 12:59 PM
To: Adams Kevin J
Cc: kerberos at mit.edu
Subject: Re: ksu: Incorrect net address while geting credentials from
kdc

>>>>> "Adams" == Adams Kevin J <kevin.adams at phs.com> writes:

    Adams> Dear kerberos helpers, I have some multihomed Linux (krb
    Adams> 1.2.5) and AIX (krb 1.2.2) hosts, with the KDC on AIX.

    Adams> If I kinit -A from Linux, and telnet -F to AIX, the
    Adams> forwarded ticket always has an address. On Linux the ticket
    Adams> does not have an address, but the forwarded ticket on AIX
    Adams> does.

This will be fixed in Kerberos 1.3.  The code has already been
committed so that forwarded addressless tickets are addressless.

We do not have public timelines for future Kerberos releases, so I
have no comment on when 1.3 will be released.

This electronic message transmission, including any attachments, contains information from PacifiCare Health Systems Inc. which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited.  

If you have received this electronic transmission in error, please notify the sender immediately by a "reply to sender only" message and destroy all electronic and hard copies of the communication, including attachments.