Kerberos cross-realm with AD

Jean-Yves Avenard jyavenard at gmail.com
Tue Feb 8 00:49:06 EST 2011


Hi there..

Interestingly ; I have now reverted to kerberos 1.7 (I had avoided
upgrading to 1.8 earlier as I couldn't make it work when both 1.7 and
1.6 worked just fine. 1.9 seemed to have worked all fine until now).

Downgrading to 1.7 and my cross-ream issues are gone ; only problem
now is that I see in the log:
[Tue Feb 08 16:45:00 2011] [notice] [client 1.2.3.4]
krb5_aname_to_localname() found no mapping for principal
jean-yves.avenard at MEL.DOMAIN.COM

I added in the krb5.conf

[realms]
 M.DOMAIN.COM = {
  kdc = m.domain.com
  admin_server = m.domain.com
  default_domain = m.domain.com
 }

 MEL.DOMAIN.COM = {
  kdc = ad.domain.com
  admin_server = ad.domain.com
  default_domain = ad.domain.com
  auth_to_local = RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//
 }

from what I could read in the documentation, but this still doesn't work.



More information about the Kerberos mailing list