Cross realm authentication

krbmit siso krbmit at
Wed Jan 5 00:47:17 EST 2011

Hi All,

Please guide me to get cross realm authentication working under windows 2008
server environment.
I have set up two domain with realm1 and realm 2 in 2 different windows
servers. I have added a one
way trust at realm1 for realm2. The client is in realm1 wants to access a
server at realm2 . I got the
AS-REP with referral ticket for  krbtgt/realm2 at realm1  from realm1 KDC
server , Now the problem is
the  I am sending TGS-REQ to KDC server of realm2 by submitting referral TGT
, but the server returns
with a KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN even though the principal
name is the same
as the name with working condition in single realm setup.
In Info in TGS req.

Padata field ->
                              Tkt-vno: 5
                             Server Name (Principal): krbtgt/
                            Realm: REALM2.COM
                            Server Name (Principal): ldap/

Please guide me on identifying and resolve the problem for cross realm

Thanks and Regards

More information about the Kerberos mailing list