kinit in cross domain and cross realm
    Vikas Gandhi 
    vgandhi at quark.co.in
       
    Sun Dec 14 04:00:31 EST 2003
    
    
  
Hi,
Can someone guide me? I have a user account in ADSI called sample
and I want to run the GSSAPI samples from Solaris 9 using it. I
continuously get this result: "Server not found in Kerberos
database". My belief is that I am not able to generate the right
keytab file.
What should be my kinit
ktpass -princ sample/blade.qdms.co.in@QDMS.CO.IN -mapuser sample -pass
sample -out blade.keytab
or 
ktpass -princ sample/blade.quark.co.in@QDMS.CO.IN -mapuser sample
-pass sample -out blade.keytab (domain blade.quark.co.in)
or 
ktpass -princ sample/blade.quark.co.in@QDMS.CO.IN -mapuser sample
-pass sample -out blade.keytab (domain blade.quark.co.in)
My details are given below.
 WIN-OS: 2003 server
 WIN-DOMAIN: QDMS.CO.IN
 WIN-realm: QDMS.CO.IN
 win-host-name: beetle.qdms.co.in
 
 SUN-OS: solaris 9
 SEAM-DOMAIN: QUARK.CO.IN
 win-host-name: blade.quark.co.in
 seam-realm: QUARK.CO.IN
 seam version: 1.01
 My /etc/hosts file says the following
 X.X.X.X    blade.qdms.co.in blade.quark.co.in blade
 X.X.X.X    beetle  beetle.qdms.co.in beetle.quark.co.in
 
 My /etc/resolv.conf says
 domain  quark.co.in
 nameserver      X.X.X.X
 nameserver      X.X.X.X
 search quark.co.in qdms.co.in
 
My /etc/krb5/krb5.conf says
[libdefaults]
        default_realm = QDMS.CO.IN
#        default_realm = QUARK.CO.IN
        default_tgs_enctypes = des-cbc-crc
        default_tkt_enctypes = des-cbc-crc
#       dns_lookup_kdc=true
#       dns_lookup_realm =true
[realms]
                QUARK.CO.IN= {
                kdc = blade.quark.co.in
                admin_server = blade.quark.co.in
        }
          QDMS.CO.IN= {
                kdc = beetle.qdms.co.in:88
                admin_server = beetle.qdms.co.in
                default_realm = QDMS.CO.IN
        }
[capaths]
        QUARK.CO.IN = {
                QDMS.CO.IN = .
        }
        QDMS.CO.IN = {
                QUARK.CO.IN = .
        }
[domain_realm]
        .quark.co.in= QDMS.CO.IN
        .qdms.co.in= QDMS.CO.IN
#
# if the domain name and realm name are equivalent,
# this entry is not needed
#
[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc = SYSLOG:INFO:DAEMON
[appdefaults]
    gkadmin = {
        help_url = http://blade:8888/ab2/coll.384.1/SEAM/@AB2PageView/6956
        }
        kinit = {
                forwardable = true
       }
        telnet  = {
                forward = true
                encrypt = true
              encrypt = true
                autologin = true
        }
 
FYI: I am able to kinit to the Windows KDC and get a ticket. Next, I
have run the SSPI (Windows Feb-2003 SDK) samples
successfully using the SEAM KDC and the ADSI KDC. Also, I am able to run the
GSSAPI samples with SEAM successfully.
Regards
Vikas
    
    