Principal name mappings question

Ben W Young ben.w.young at det.nsw.edu.au
Wed Feb 27 20:11:48 EST 2008


Hi,

I am very new to Kerberos authentication and am having problems getting
a ticket for users on multiple AD realms.
The client OS is OS X 10.4.x, using LDAP mappings and /etc/authorization
for a Kerberos ticket at the login window.

The user names are like this:
firstname.lastname@DOM1
firstname.lastname@DOM2

This is what my edu.mit.kerberos file looks like:

[libdefaults]
        default_realm = DOM1.WIN
        
 DOM1.WIN = {
                admin_server = server1.dom1.win.:749
                kdc = server1.dom1.win.:88
}
 DOM2.WIN = {
                admin_server = server1.dom2.win.:749
                kdc = server1.dom2.win.:88

The first thing is that I don't believe @DOM1 is mapping to DOM1.WIN, and
it just defaults to DOM1.WIN in the edu.mit.kerberos file.  As a consequence,
this user (firstname.lastname@DOM1) gets a ticket.
So when firstname.lastname@DOM2 tries, it can't resolve to DOM2, so it defaults
to DOM1.WIN in the edu.mit.kerberos file and fails to get a ticket.
 
Does anyone have any ideas on the way forward here? I am really stuck!

Any help would be much appreciated!

Ben W Young
Technology Services Administrator
ben.w.young at det.nsw.edu.au






