tickets not showing up

David Tsai dwtsai at MIT.EDU
Tue Jul 27 04:30:40 EDT 2004 

Hi, I'm new to Kerberos from the admin/developer end of things and am working on a Java 1.4.2 GSS-API project where I'm trying to kerberize a few classes.  I set up a KDC on a Linux 9 server and have a Windows XP client machine connecting to it.  I ran the JAAS Authenticaction tutorial at http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/AcnOnly.html and it said "authentification succeeded".  However, when I do a "klist" on the KDC server or on the Windows XP machine, I don't see any tickets issued.  I system.out'ed the mysubject.getPrivateCredentials() and it prints out all the info for a ticket that I supposedly got, but I am baffled at why klist doesn't show it.

Any insight on this would be greatly apprecitaed.

--DaviddFrom lmichenaud at adeuza.fr Tue Jul 27 06:06:07 2004
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
	[18.7.7.76])
	by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i6RA66l1029682
	for <kerberos at PCH.mit.edu>; Tue, 27 Jul 2004 06:06:06 -0400 (EDT)
Received: from mallaury.noc.nerim.net (smtp-102-tuesday.noc.nerim.net
	[62.4.17.102])i6RA65aY016515
	for <kerberos at mit.edu>; Tue, 27 Jul 2004 06:06:06 -0400 (EDT)
Received: from [192.168.1.177] (unknown [80.65.237.203])
	by mallaury.noc.nerim.net (Postfix) with ESMTP id 6755462E06
	for <kerberos at mit.edu>; Tue, 27 Jul 2004 12:06:04 +0200 (CEST)
Message-ID: <4106290C.5080105 at adeuza.fr>
Date: Tue, 27 Jul 2004 12:06:04 +0200
From: Michenaud Laurent <lmichenaud at adeuza.fr>
Organization: Adeuza
User-Agent: Mozilla Thunderbird 0.7.1 (Windows/20040626)
X-Accept-Language: fr, en
MIME-Version: 1.0
To: kerberos at mit.edu
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Architecture Question between Windows 2003 and Unix Mit Kerberos
 Server
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
Reply-To: lmichenaud at adeuza.fr
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
	<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Tue, 27 Jul 2004 10:06:07 -0000

Hi,

We have a Windows 2003 Server with Active Directory.
Windows 2003 Server has it own implementation of Kerberos V5 ( right ? ).
Windows 2003 Server manages the accounts into Active Directory.

We have a Linux MIT Kerberos Server.
MIT Kerberos has a user account database ( user 
What we want :
Authenticate against the MIT Kerberos Server using a Windows account.

I don't know how to do that.

Should users in Windows 2003 be replicated in the MIT Kerberos Server ?
Should Mit Kerberos be able to ask the Windows 2003 Server for 
authentification
if the user doesnot exist in the database ?
Is the Mit Kerberos server a slave and Windows 2003 the master ?

Thanks to help me

More information about the Kerberos mailing list