Cross realm authentication
Mark Pröhl
mark at mproehl.net
Wed Jan 5 02:59:04 EST 2011
Hi,
What is the requested service principal name in the TGS request to the
realm2 KDC?
Can you provide more information about the client that does the cross
realm request (Windows, MIT Kerberos, Java, ...)?
Regards,
Mark Pröhl
On 01/05/2011 06:47 AM, krbmit siso wrote:
> Hi All,
>
> Please guide me to get cross realm authentication working under a Windows 2008
> Server environment.
> I have set up two domains with realm1 and realm2 on 2 different Windows
> servers. I have added a one
> way trust at realm1 for realm2. The client in realm1 wants to access a
> server at realm2. I got the
> AS-REP with referral ticket for krbtgt/realm2 at realm1 from realm1 KDC
> server. Now the problem is
> that I am sending TGS-REQ to KDC server of realm2 by submitting referral TGT,
> but the server returns
> with a KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN even though the principal
> name is the same
> as the name with working condition in single realm setup.
> In Info in TGS req.
>
> Padata field ->
> Tkt-vno: 5
> Realm: realm1.com
> Server Name (Principal): krbtgt/realm2.com
> Kdc-Req-body->
> Realm: REALM2.COM
> Server Name (Principal): ldap/win2003dpdnic.realm2.com
>
>
> Please guide me on identifying and resolving the problem for cross realm
> authentication.
>
>
>
> Thanks and Regards
> Naveen
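Added example, not part of the original thread or of any Kerberos implementation: a small Python check over the field dump quoted above that extracts the requested service principal name and compares the presented TGT with the request body. The function names and the rule that a realm's DNS domain is its lower-cased name are assumptions; the findings are things to rule out, not a diagnosis of the error in the thread.

```python
# Constructed sample: the field dump from the quoted message, with the
# wrapped service name joined onto one line.
SAMPLE_DUMP = """\
Padata field ->
Tkt-vno: 5
Realm: realm1.com
Server Name (Principal): krbtgt/realm2.com
Kdc-Req-body->
Realm: REALM2.COM
Server Name (Principal): ldap/win2003dpdnic.realm2.com
"""

def parse_tgs_req_dump(text):
    """Return {'ticket': {...}, 'body': {...}} keyed by lower-cased field name."""
    fields, section = {"ticket": {}, "body": {}}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("padata"):
            section = "ticket"
        elif line.lower().startswith("kdc-req-body"):
            section = "body"
        elif section and ":" in line:
            key, value = line.split(":", 1)
            fields[section][key.strip().lower()] = value.strip()
    return fields

def check_cross_realm_request(fields):
    """List inconsistencies between the presented TGT and the requested service."""
    findings = []
    tkt, body = fields["ticket"], fields["body"]
    name, _, tgt_realm = tkt.get("server name (principal)", "").partition("/")
    if name != "krbtgt" or not tgt_realm:
        return ["presented ticket is not a krbtgt ticket"]
    if tgt_realm == tkt.get("realm"):
        findings.append("ticket is a local TGT, not a cross-realm TGT")
    target = body.get("realm", "")
    if tgt_realm != target:
        # Realm names are case-sensitive (RFC 4120), so compare exactly first.
        kind = "case" if tgt_realm.lower() == target.lower() else "name"
        findings.append(f"realm {kind} mismatch: TGT is for {tgt_realm!r}, "
                        f"request body names {target!r}")
    service, _, host = body.get("server name (principal)", "").partition("/")
    # Assumption: the target realm's DNS domain is its realm name lower-cased.
    if not host.lower().endswith("." + target.lower()):
        findings.append(f"host {host!r} is outside the domain of realm {target!r}")
    return findings

if __name__ == "__main__":
    for finding in check_cross_realm_request(parse_tgs_req_dump(SAMPLE_DUMP)):
        print(finding)
```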