a question on Kerberos TGS name
steve
steve at steve-ss.com
Thu Feb 16 05:56:27 EST 2012
On 02/16/2012 07:55 AM, Greg Hudson wrote:
> On 02/15/2012 08:56 PM, luxInteg wrote:
>> My question is what is the "Kerberos TGS name" for a kdc? Is it
>> krbtgt/REALNAME or krbtgt/fdqn at REALNAME or some such?
> It's krbtgt/REALMNAME at REALMNAME.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
Hi.
We have have krbtgt/REALM at REALM
cat /etc/krb5.conf
[libdefaults]
default_realm = HH3.SITE
dns_lookup_realm = false
dns_lookup_kdc = true
Here is a domain user steve2 logging on in the realm HH3.SITE:
Kerberos: AS-REQ steve2 at HH3.SITE from ipv4:192.168.1.3:58331 for
krbtgt/HH3.SITE at HH3.SITE
Kerberos: Client sent patypes: 149
Kerberos: Looking for PKINIT pa-data -- steve2 at HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- steve2 at HH3.SITE
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- steve2 at HH3.SITE
Kerberos: AS-REQ steve2 at HH3.SITE from ipv4:192.168.1.3:60184 for
krbtgt/HH3.SITE at HH3.SITE
Kerberos: Client sent patypes: encrypted-timestamp, 149
Kerberos: Looking for PKINIT pa-data -- steve2 at HH3.SITE
Kerberos: Looking for ENC-TS pa-data -- steve2 at HH3.SITE
Kerberos: ENC-TS Pre-authentication succeeded -- steve2 at HH3.SITE using
arcfour-hmac-md5
Kerberos: AS-REQ authtime: 2012-02-16T11:51:38 starttime: unset endtime:
2012-02-16T21:51:38 renew till: 2012-02-17T11:51:38
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96,
aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using
arcfour-hmac-md5/arcfour-hmac-md5
Kerberos: Requested flags: renewable-ok
HTH,
Steve
More information about the Kerberos
mailing list