Cross-realm issue - what am I missing?
Inger, Slav (.)
vinger at ford.com
Wed Apr 14 18:35:55 EDT 2004
Hi all,
I tested cross-realm a while back and it seemed to work fine; not sure why I'm running into issues now, maybe I'm forgetting something obvious.

Scenario: KDC is Active Directory, clients are running Solaris and HP-UX with Kerberos and appropriate patches. I tried going Sun to Sun and HP to HP, and didn't get too far with either. The two clients are in different realms and have good keytabs and good krb5.conf files (tried with and without the [capaths] section). The passwd entries for the user logging in from one realm to the other are identical on both clients (meaning the same user is doing the cross-realm login).

The issue is with authorization: for some reason the destination machine is not authorizing the user from the source realm. It works the same with and without a .k5login file in the user's home dir on the destination host. [domain_realm] is set up correctly, with two DNS domains referencing their respective realms. The user's cache shows 2 TGTs (one for his own realm and one for cross-realm) and a host ticket, but he just can't log in.

Any idea what's going on here? Thanks!