Kerberos service ticket issue!!!

Priya B priya9907 at gmail.com
Fri Sep 4 10:15:41 EDT 2009


Thank you so much for your response!

We modified the krb5.conf file (as below) and also switched from UDP
to TCP. Now we're not getting any errors in the trace. But still we
don't get the service ticket (same exception). In the trace for some
reason, after the client gets the TGS response, the client closes the
TCP connection, and never tries to get a service ticket. It is not
querying regarding the service at all.

Anyway, below are some answers to your questions:

What version of Java?
>>> 1.6


Do you have cross realm setup between the two realms?
>>> It should be there, because we have another application (based on SSPI) using which we are able to sign in to the same service.


Do you have the krb5.conf on the client setup for cross realm?
>>> We have. Below is the conf file. Do let us know if it needs any corrections.

--------------------------------------------------------------


[libdefaults]
    udp_preference_limit = 1
    default_realm = REALM1.COM
    dns_lookup_kdc = true

[realms]
    REALM1.COM = {
        kdc = host1.realm1.com
        default_domain = realm1.com
    }

    REALM2.COM = {
        realm_type = WINNTv1
        ENC_TYPES_LIST = RC4_HMAC, DES_CBC_MD5, DES_CBC_CRC
        kdc = {
            name = host2.realm2.com
            default_domain = .realm2.com
            protocol = TCP
        }
    }

[domain_realm]
    .realm1.com = REALM1.COM
    .realm2.com = REALM2.COM

[capaths]
    REALM1.COM = {
        REALM2.COM = .
    }

    REALM2.COM = {
        REALM1.COM = .
    }

[logging]


--------------------------------------------------------------

Is one or both of the realms Windows AD?
>>> Shall confirm that soon.


You appear to have done some tracing, but have not said where you are
seeing these messages or how far along the process of getting tickets
has gotten. i.e. client to client's KDC or client to server's KDC.
>>> client to client's KDC





