Solaris 9 Cross Realm Authentication Problems
Jeffrey Hutzelman
jhutz at cmu.edu
Fri Apr 1 23:34:50 EST 2005
On Friday, April 01, 2005 07:23:37 PM -0800 Darren Hoch
<webmaster at litemail.org> wrote:
> kadmin: lisprincs
> <snip>
> krbtgt/example1.com at EXAMPLE2.COM
> krbtgt/example2.com at EXAMPLE1.COM
> krbtgt/example1.com at EXAMPLE.COM
The second components of each of these principal names must exactly match
the name of the realm involved, including case. So, for example, for a
client in the EXAMPLE1.COM realm to authenticate to a service in the
EXAMPLE.COM realm, you need krbtgt/EXAMPLE.COM at EXAMPLE1.COM to exist. Of
course, it needs to exist in both realms and have the same key and kvno in
both places.
-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
Sr. Research Systems Programmer
School of Computer Science - Research Computing Facility
Carnegie Mellon University - Pittsburgh, PA
More information about the Kerberos
mailing list