Getting two service principals, one of them with an empty realm
Rahul Amaram
rahul at synovel.com
Wed Jun 9 00:02:07 EDT 2010
Thanks for the response.
Regards,
Rahul.
On Wednesday 09 June 2010 07:27 AM, Tom Yu wrote:
> Rahul Amaram <rahul at synovel.com> writes:
>
>> Hi,
>> I did not get any response for this query. If nobody has an idea, I was
>> planning to submit this as a bug report. Looking forward to a response.
>>
>> Thanks,
>> Rahul.
>>
>> On Wednesday 02 June 2010 11:59 AM, Rahul Amaram wrote:
>>> Hi,
>>> I am strangely getting two service principals for every service I use
>>> and one of them has an empty realm. Below is a sample output.
>>>
>>> $ klist
>>> Ticket cache: FILE:/tmp/krb5cc_1001_Xc3DVv
>>> Default principal: xxxxxx@SYNOVEL.COM
>>>
>>> Valid starting     Expires            Service principal
>>> 06/02/10 11:45:07  06/02/10 21:45:07  krbtgt/SYNOVEL.COM@SYNOVEL.COM
>>>         renew until 06/03/10 11:44:57
>>> 06/02/10 11:45:27  06/02/10 21:45:07  imap/scs.synovel.com@
>>>         renew until 06/03/10 11:44:57
>>> 06/02/10 11:45:27  06/02/10 21:45:07  imap/scs.synovel.com@SYNOVEL.COM
>>>         renew until 06/03/10 11:44:57
>
> This is expected behavior that is a side effect of the way that
> service principal realm referrals work. The empty realm name
> indicates that the realm of the principal is unknown. A copy of the
> ticket is present in the cache under its actual service principal name
> and realm to allow both referral and non-referral lookups to work.
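
The behaviour described in the reply above, as an added example that is not part of the original thread or of MIT Kerberos: a Python script that parses klist text output in the format quoted above and pairs each empty-realm entry with the copy cached under the real realm. The sample cache contents, the EXAMPLE.COM names and the function names are constructed; matching on identical start and expiry times is an assumption based on the reply's statement that the second entry is a copy of the ticket.

```python
import re

# Constructed sample in the klist format quoted in the thread. The last
# entry is an invented empty-realm entry with no copy, to exercise that case.
SAMPLE = """\
Ticket cache: FILE:/tmp/krb5cc_1001_example
Default principal: user@EXAMPLE.COM

Valid starting     Expires            Service principal
06/02/10 11:45:07  06/02/10 21:45:07  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 06/03/10 11:44:57
06/02/10 11:45:27  06/02/10 21:45:07  imap/mail.example.com@
        renew until 06/03/10 11:44:57
06/02/10 11:45:27  06/02/10 21:45:07  imap/mail.example.com@EXAMPLE.COM
        renew until 06/03/10 11:44:57
06/02/10 11:46:02  06/02/10 21:45:07  host/db.example.com@
"""

# Assumes the mm/dd/yy hh:mm:ss timestamp layout shown in the thread.
STAMP = r"\d\d/\d\d/\d\d \d\d:\d\d:\d\d"
ENTRY = re.compile(rf"^({STAMP})\s+({STAMP})\s+(\S+)$")

def parse_entries(text):
    """Return (start, expires, name, realm) for every ticket line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m or "@" not in m.group(3):
            continue  # header, blank or "renew until" line
        # Split on the last "@"; an empty realm is the referral placeholder.
        name, _, realm = m.group(3).rpartition("@")
        entries.append((m.group(1), m.group(2), name, realm))
    return entries

def classify(text):
    """Map each empty-realm entry to the realm of its cached copy.

    Returns (paired, unmatched): paired maps service name -> real realm,
    unmatched lists empty-realm names with no same-window copy."""
    entries = parse_entries(text)
    resolved = {(s, e, n): r for s, e, n, r in entries if r}
    paired, unmatched = {}, []
    for s, e, n, r in entries:
        if r:
            continue
        if (s, e, n) in resolved:
            paired[n] = resolved[(s, e, n)]
        else:
            unmatched.append(n)
    return paired, unmatched

if __name__ == "__main__":
    print(classify(SAMPLE))
```
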