Cross Realm Auth: how to resolve the issue of finding the 'Correct' realm of service for ms w2k client...

Mark Campbell mcc171 at psu.edu
Thu Apr 8 10:07:56 EDT 2004 

I have seen this.  The way I fixed it is to make sure the windows client
is appending the proper DNS suffix.  If you right click My computer go to
properties then Computer Name then change then more and see what DNS
suffix the system is appending.  Change it to what you want and try then.
I have tried this on XP and 2k3 not 2k but please let me know if it
worked.


Mark Campbell
Systems Analyst, Advanced Information Technologies
Information Technology Services
The Pennsylvania State University
mcc171 at psu.edu, 814-865-4774

On Wed, 7 Apr 2004, Lara Adianto wrote:

> Hello,
>
> Quoting from the paper of Michael Swift, Irina
> Kosinovsky and Johathan Trostle titled Implementation
> of Crossrealm Referral Handling in the MIT Kerberos
> Client:
>
> "The Windows 2000 client does not canonicalize names
> at all, so the short name is sent to the KDC."
>
> Hence, if my understanding is correct, a request for
> service: host/service-name.foo.org will be sent to MIT
> Kerberos KDC as host/service-name at KERBEROS.REALM and
> not as host/service-name.foo.org at KERBEROS.REALM
>
> How does MIT Kerberos determine the appropriate realm
> to be used in issuing a referral ticket for the
> client's request ? DNS ? Krb5.conf ? Does this mean
> that every service-name must have an entry in the DNS
> or Krb5.conf. For example:
> serviceA = realmA
> serviceB = realmB
> Coz I think the KDC doesn't have any clue of the
> domain of the service, only the service-name...
>
> Thanks in advance,
> -lara-
>
> =====
> ------------------------------------------------------------------------------------
> La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
>                                                                         - Guy de Maupassant -
> ------------------------------------------------------------------------------------
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business $15K Web Design Giveaway
> http://promotions.yahoo.com/design_giveaway/
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list