Updating encryption types
Jeffrey Hutzelman
jhutz at cmu.edu
Thu Jul 7 21:21:25 EDT 2005
On Thursday, July 07, 2005 06:18:16 PM -0700 Phil Dibowitz <phil at usc.edu>
wrote:
> On Thu, Jul 07, 2005 at 09:03:36PM -0400, Jeffrey Hutzelman wrote:
>>
>>
>> On Thursday, July 07, 2005 05:46:18 PM -0700 Phil Dibowitz
>> <phil at usc.edu> wrote:
>>
>> > and the right tgt (based on Kerberos by Brian Tung), doesn't seem to be
>> > doing anything:
>> >
>> > krbtgt at ISD.USC.EDU
>>
>> This principal is meaningless, and is used for nothing.
>>
>> > and the mystery ticket is doing everything:
>> >
>> > krbtgt/ISD.USC.EDU at ISD.USC.EDU
>>
>> This principal is the local-realm ticket-granting service.
>>
>> In other words, it's working exactly like it's supposed to. It's
>> anyone's guess where the meaningless principal came from.
>
> So krbtgt at REALM is not what MIT krb uses as the TGT, it uses
> krbtgt/REALM at REALM - just a discrepency between the MIT implimentation
> and the Kerb book I have?
It's not what _anything_ uses, and so far as I can remember never has been.
If the book says that, then either it's a typo or Brian was asleep when he
wrote that part. :-)
-- Jeff
More information about the Kerberos
mailing list