Problem with Cross REALM authentication hierarchically
Rafael da Rosa Righi
rafael at mail.ufsm.br
Fri Oct 25 16:47:10 EDT 2002
Hello all,
I tried to configure a cross realm auth. with 3 REALMS.
I am going to show my problem with examples:
First REALM: XXXX.BR
Second REALM: YYY.XXXX.BR
Third REALM: ZZZ.XXXX.BR
            XXXX.BR
            /     \
           /       \
  YYY.XXXX.BR     ZZZ.XXXX.BR
This is the same organization of DNS.
I constructed cross realm authentication between XXXX.BR and
YYY.XXXX.BR and this is OK. I also constructed another cross realm
authentication between XXXX.BR and ZZZ.XXXX.BR and this is OK.
The problem is:
When I try an authentication between YYY.XXXX.BR and ZZZ.XXXX.BR I
receive an error. I configured the .k5login, krb5.keytab, the enctypes, the
enc-salt, key version.
************************************************************************************
KDC register: (Before I get TGT ticket for rafaelr@YYY.XXXX.BR)
Oct 25 17:05:53 r.ufm.br krb5kdc[30473](info): TGS_REQ (3 etypes {16 3 1}) 200.xx.xx.xx ( 88): ISSUE: authtime 1035572747, etypes {rep=16 tkt=16 ses=16}, rafaelr@YYY.XXXX.BR for krbtgt /ZZZ.XXXX.BR@XXXX.BR
Oct 25 17:05:53 r.ufsm.br krb5kdc[30473](info): bad realm transit path from 'rafaelr@YYY.XXXX.BR to 'host/rmachine.AT.ZZZ.XXXX.BR@ZZZ.XXXX.BR via 'XXXX.BR'
Oct 25 17:05:53 re.ufm.br krb5kdc[30473](info): TGS_REQ (3 etypes {16 3 1}) 200.xx.xx.xx(88): BAD_TRANSIT: authtime 1035572747, rafaelr@YYY.XXXX.BR for host/ machine.AT.ZZZ.XXXX.BR@ZZZ.XXXX.BR KDC policy rejects request
****************************************************************************************
Thank you for your help.
Rafael Righi. Brazil
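
For reference, an added example that is not part of the original post and is not MIT Kerberos code: a sketch of the hierarchical arrangement of realms described in RFC 4120, computing which intermediate realms lie between two realms and checking a ticket's transited list against that path. The function names are hypothetical and the realm names are the placeholders used in the post.

```python
# Added example: hierarchical realm path and a transited-list check.
# Function names are hypothetical; realm names are the post's placeholders.

def ancestors(realm):
    """Return the realm followed by each parent realm, most specific first."""
    labels = realm.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def hierarchical_path(client_realm, server_realm):
    """Intermediate realms between client and server in a DNS-style hierarchy.

    The walk goes up from the client realm to the nearest common ancestor,
    then down to the server realm. The two endpoints are not included.
    """
    up = ancestors(client_realm)
    down = ancestors(server_realm)
    common = next((r for r in up if r in down), None)
    if common is None:
        raise ValueError("realms share no common ancestor")
    path = up[1:up.index(common)]                # parents below the ancestor
    if common not in (client_realm, server_realm):
        path.append(common)                      # the ancestor is itself a hop
    path += down[1:down.index(common)][::-1]     # descend towards the server
    return path


def off_path_realms(client_realm, server_realm, transited):
    """Return the transited realms that are NOT on the hierarchical path."""
    allowed = set(hierarchical_path(client_realm, server_realm))
    return [r for r in transited if r not in allowed]


if __name__ == "__main__":
    client, server = "YYY.XXXX.BR", "ZZZ.XXXX.BR"
    print("expected intermediates:", hierarchical_path(client, server))
    # Transited list as reported in the KDC log line ("via 'XXXX.BR'").
    print("off-path realms:", off_path_realms(client, server, ["XXXX.BR"]))
    # Constructed counter-example: a realm outside the hierarchy.
    print("off-path realms:", off_path_realms(client, server, ["OTHER.ORG"]))
```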