Cross realm auth with MS Server 2003 and MIT kerb

BarBaar beurdy at
Mon Oct 25 09:21:05 EDT 2004


Today I started to sniff the network, while trying to setup aan
cross-realm kerberos-session... (realm named: and

And the sniffer (ethereal) did not tell me very much.. But he did tell
me the WinXp client is requesting a TGS from the w2k3 AD KDC (which is
good!). And the AD KDC send a error back:
krb5kdc_err_s_principal_unknown.. (which is not good)

So (correct me if I am wrong) the AD KDC does not see that this host
is in a different realm, and therefore does not respond with the
correct ticket (which should be a krbtgt/TEST.NL at TESTER.TEST.NL?)

Any ideas on this?

More information about the Kerberos mailing list