HostToRealm issue on Windows
miguel.sanders@arcelormittal.com
Tue Jun 23 03:29:42 EDT 2009
Hi guys
I'm currently facing a problem with the HostToRealm mapping on a Windows client machine in a cross realm setup.
Let's consider the following setup
REALMA.COM - AD realm (DNS suffix realma.com)
REALMB.COM - MIT realm (DNS suffix realmb.com)
Cross realm setup and working properly. (Tested by doing an SSPI ticket request for HTTP/somehost.realmb.com@REALMB.COM)
HostToRealm mapping is set up properly in the registry of the Windows XP client machine so that .realmb.com is linked to REALMB.COM (don't know if this is really necessary since the realm name is the uppercase version of the DNS zone).
Now there appears to be a problem when using IE/Mozilla since either application will not append a realm AFAIK.
Apparently, whenever the Windows XP client machine is attempting to ask for a service ticket HTTP/somehost.realmb.com, the TGS-REQ is sent to the REALMA.COM realm.
I always thought that the [domain_realm] / HostToRealm section was searched by the client in order to know the realm that should be addressed.
As a result, the client libs would come to realize that somehost.realmb.com is linked to REALMB.COM and a cross realm ticket would be needed first.
Unfortunately, this is not what is happening :(
Any idea what is wrong with the scenario above?
Thanks for your help
Met vriendelijke groet
Best regards
Bien à vous
Miguel SANDERS
ArcelorMittal Gent
UNIX Systems & Storage
IT Supply Western Europe | John Kennedylaan 51
B-9042 Gent
T +32 9 347 3538 | F +32 9 347 4901 | M +32478 805 023
E miguel.sanders at arcelormittal.com
www.arcelormittal.com/gent