Generic question regarding service principal required to access a kerberized ftp server
Elia Pinto
gitter.spiros at gmail.com
Fri Apr 9 11:44:08 EDT 2010
Hi to all
I'm trying to do a ftp logon from a linux client (RHEL 5.4)
authenticated via kerberos to an AD (Active Directory) domain to a KDC
MVS RACF (SAF mode and nokeytab) in cross-domain realm trust with the
AD.
The ftp client I'm using is the one which is distributed by kerberos MIT on
RHEL (krb-workstation 1.6.1-36 rpm).
I can get a TGS ftp/<KDC MVS hostname>@<KDC MVS REALMS> but it seems
that the client also requests a TGS host/<KDC MVS hostname>@<KDC MVS
REALMS> but this one is not defined on the KDC MVS and so the ftp
client logon fails.
The question is now if it is really needed for a service like ftp to
also have as a principal host/<KDC MVS hostname>@<KDC MVS REALMS>?
RFC 2228 is unclear on this point.
Thanks in advance.