tickets not showing up
David Tsai
dwtsai at MIT.EDU
Tue Jul 27 21:27:28 EDT 2004
Thanks for the quick replies, I really appreciate it.
In a normal scenario where my windows xp client is authenticating against (and getting a ticket from) the linux KDC server, should I expect the ticket to be on the windows java sdk's klist or on the linux server's klist? I am a bit confused on how to view the kerberos system, because I could see how both scenarios would make sense (the windows machine has the ticket and therefore it's in its klist, but the kdc klist might show the ticket because the server is the one that issued it and it keeps track of issued tickets).
Also, even though the tutorial's ticket isn't cached, how would I go about giving the ticket to other classes so they can use it? I basically want to use this same ticket and pass it to other classes. Is it simply a matter of passing the Subject() instance around, or do I need to cache it somehow and formally forward it somehow? I am a bit concerned about this because the subject.getPrivateCredentials() shows a string printout of:
.
.
.
Fowardable Ticket false
Forwarded Ticket false
Proxy Ticket false
Postdated Ticket
Renewable Ticket false
Initial Ticket false
.
.
.
Renew Till = Null
Client Addresses Null ]
I haven't researched enough of the GSS API to know all the parameters, but intuitively it doesn't seem like a very "healthy" or useable ticket...
Any insight on these questions would be greatly appreciated.
--DaviddFrom news at ra.nrl.navy.mil Wed Jul 28 02:15:13 2004
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i6S6FCl1009444
for <kerberos at PCH.mit.edu>; Wed, 28 Jul 2004 02:15:12 -0400 (EDT)
Received: from ra.nrl.navy.mil (ra.nrl.navy.mil [132.250.1.121])
i6S6FBee020962
for <kerberos at MIT.EDU>; Wed, 28 Jul 2004 02:15:11 -0400 (EDT)
Received: (from news at localhost)
by ra.nrl.navy.mil (8.11.7p1+Sun/8.11.7) id i6S6CO907439
for kerberos at MIT.EDU; Wed, 28 Jul 2004 02:12:24 -0400 (EDT)
From: mdj_frend at yahoo.com (mdj_kerberos)
X-Newsgroups: comp.protocols.kerberos
Date: 27 Jul 2004 23:11:46 -0700
Organization: http://groups.google.com
Message-ID: <2db721d6.0407272211.78c2595b at posting.google.com>
To: kerberos at MIT.EDU
Subject: Is FQDN a must ?????????
X-BeenThere: kerberos at mit.edu
X-Mailman-Version: 2.1
Precedence: list
List-Id: The Kerberos Authentication System Mailing List <kerberos.mit.edu>
List-Help: <mailto:kerberos-request at mit.edu?subject=help>
List-Post: <mailto:kerberos at mit.edu>
List-Subscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request at mit.edu?subject=subscribe>
List-Archive: <http://mailman.mit.edu/pipermail/kerberos>
List-Unsubscribe: <https://mailman.mit.edu/mailman/listinfo/kerberos>,
<mailto:kerberos-request at mit.edu?subject=unsubscribe>
X-List-Received-Date: Wed, 28 Jul 2004 06:15:13 -0000
hi all,
I would like to know whether FQDN is a must for kerberos???
thank you
More information about the Kerberos
mailing list