Updating encryption types
Phil Dibowitz
phil at usc.edu
Thu Jul 7 21:18:16 EDT 2005
On Thu, Jul 07, 2005 at 09:03:36PM -0400, Jeffrey Hutzelman wrote:
>
>
> On Thursday, July 07, 2005 05:46:18 PM -0700 Phil Dibowitz <phil at usc.edu>
> wrote:
>
> >and the right tgt (based on Kerberos by Brian Tung), doesn't seem to be
> >doing anything:
> >
> >krbtgt at ISD.USC.EDU
>
> This principal is meaningless, and is used for nothing.
>
> >and the mystery ticket is doing everything:
> >
> >krbtgt/ISD.USC.EDU at ISD.USC.EDU
>
> This principal is the local-realm ticket-granting service.
>
> In other words, it's working exactly like it's supposed to. It's anyone's
> guess where the meaningless principal came from.
So krbtgt at REALM is not what MIT krb uses as the TGT, it uses
krbtgt/REALM at REALM - just a discrepency between the MIT implimentation and the
Kerb book I have?
OK, I'm happy with that.
Deleting the meaningless ticket in test seems to be harmless. Sweet. OK,
awesome, thanks.
--
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 180 - 213-821-5427
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20050707/e9b4b93b/attachment.bin
More information about the Kerberos
mailing list