Getting two service principals, one of them with an empty realm

Rahul Amaram rahul at synovel.com
Wed Jun 9 00:02:07 EDT 2010


Thanks for the response.

Regards,
Rahul.

On Wednesday 09 June 2010 07:27 AM, Tom Yu wrote:
> Rahul Amaram<rahul at synovel.com>  writes:
>
>> Hi,
>> I did not get any response for this query. If nobody has an idea, I was
>> planning to submit this a bug report. Looking forward to a response.
>>
>> Thanks,
>> Rahul.
>>
>> On Wednesday 02 June 2010 11:59 AM, Rahul Amaram wrote:
>>> Hi,
>>> I am strangely getting two service principals for every service I use
>>> and one of them has an empty realm. Below is a sample output.
>>>
>>> $ klist
>>> Ticket cache: FILE:/tmp/krb5cc_1001_Xc3DVv
>>> Default principal: xxxxxx at SYNOVEL.COM
>>>
>>> Valid starting     Expires            Service principal
>>> 06/02/10 11:45:07  06/02/10 21:45:07  krbtgt/SYNOVEL.COM at SYNOVEL.COM
>>>        renew until 06/03/10 11:44:57
>>> 06/02/10 11:45:27  06/02/10 21:45:07  imap/scs.synovel.com@
>>>        renew until 06/03/10 11:44:57
>>> 06/02/10 11:45:27  06/02/10 21:45:07  imap/scs.synovel.com at SYNOVEL.COM
>>>        renew until 06/03/10 11:44:57
>
> This is expected behavior that is a side effect of the way that
> service principal realm referrals work.  The empty realm name
> indicates that the realm of the principal is unknown.  A copy of the
> ticket is present in the cache under its actual service principal name
> and realm to allow both referral and non-referral lookups to work.



More information about the Kerberos mailing list