Cross realm authentication
Frank Cusack
frank at linetwo.net
Wed Jan 5 12:50:00 EST 2011
On 1/5/11 2:53 PM +0530 krbmit siso wrote:
> *Server Principal Names in TGS-REQ.*
> Padata field -> Contents in the TICKET which is visible
> Tkt-vno: 5
> Realm: realm1.com
> Server Name (Principal): krbtgt/realm2.com
> Kdc-Req-body->
> Realm: REALM2.COM <http://realm2.com/>
> Server Name (Principal): ldap/
> win2003.realm2.com <http://win2003dpdnic.realm2.com/>
That looks wrong. I see krbtgt/realm2.com but the realm is actually
REALM2.COM? You have a case mismatch.
More information about the Kerberos
mailing list