Trouble with service principal missing its realm
Rich McDonough
rich.mcdonough at worldgaming.com
Thu Nov 27 06:47:30 EST 2008
That's an excellent question. Jeffrey is right though - adding this to
my krb5.conf fixed the realm issue:

[domain_realm]
.staging.wg = STAGING.WG
staging.wg = STAGING.WG
.wg = STAGING.WG
wg = STAGING.WG

staging [joe at nms ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_10000
Default principal: joe at STAGING.WG

Valid starting     Expires            Service principal
11/27/08 11:41:29  11/28/08 11:40:46  krbtgt/STAGING.WG at STAGING.WG
11/27/08 11:41:41  11/28/08 11:40:46  ldap/db.wg at STAGING.WG

On 27-Nov-08, at 4:26 AM, Tim Alsop wrote:
> Jeffrey,
>
> Regarding:
>
>> A service ticket in the credential cache without a realm name
>> is a service ticket that was obtained using server side referrals.
>> The actual realm name was not specified by the client when
>> requesting the service ticket.
>
> [Tim Alsop] Is the fact that there is no realm a bug, or is the
> cache supposed to contain tickets without a realm in this scenario?
> Surely if actual realm was not specified, when the actual realm is
> determined by KDC, and ticket issued, this realm should be used when
> putting the ticket in the client cache? If not, why not?
>
> Thanks,
> Tim
Rich McDonough
System Administrator
Worldgaming
rich.mcdonough at worldgaming.com
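
Added example (not part of the original message, and not MIT krb5 source code): a simplified Python model of how a [domain_realm] lookup walks from the full host name to its parent domains, showing that a host such as db.wg picks up STAGING.WG from the ".wg" relation. The function names and the lookup order (host, then .parent, then parent) are assumptions of this sketch; the four relations are the ones from the message, and db.example.org is a constructed host with no matching relation.

```python
# Added example: simplified model of a [domain_realm] lookup (not MIT krb5 source).
# The four relations are the ones from the message; host names are constructed.
SAMPLE_KRB5_CONF = """\
[domain_realm]
.staging.wg = STAGING.WG
staging.wg = STAGING.WG
.wg = STAGING.WG
wg = STAGING.WG
"""

def parse_domain_realm(text):
    """Return the [domain_realm] relations as {lower-cased name: realm}."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "domain_realm" and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mapping.setdefault(name.lower(), realm)  # keep the first relation seen
    return mapping

def lookup_keys(host):
    """Names tried for a host, most specific first: host, .parent, parent, ..."""
    name, keys = host.lower().rstrip("."), []
    while name:
        keys.append(name)
        if name.startswith("."):
            name = name[1:]                          # ".wg" -> "wg"
        else:
            dot = name.find(".")
            name = name[dot:] if dot != -1 else ""   # "db.wg" -> ".wg"
    return keys

def host_realm(host, mapping):
    """Return (matching name, realm), or (None, None) when nothing matches."""
    for key in lookup_keys(host):
        if key in mapping:
            return key, mapping[key]
    return None, None

if __name__ == "__main__":
    rules = parse_domain_realm(SAMPLE_KRB5_CONF)
    for h in ("db.wg", "ldap.staging.wg", "db.example.org"):
        print(h, "->", host_realm(h, rules))
```

A (None, None) result is the case in which the client has no local mapping and therefore cannot name the realm itself when it requests the service ticket.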