Hello, On Tue, Apr 17, 2018 at 12:05:26PM +0000, [email protected] wrote:
When I query ldap service on SRV_B with ldapsearch from SRV_A, the requested TGS to the KDC is ldap/localhost or ldap/SRV_A.REALM and not ldap/SRV_B.REALM. I expect to send ldap/SRV_B.REALM TGS but I may miss something in the intended behaviour.
I think I agree with your reasoning but I don't know enough details to say for sure. Could you perhaps write to [email protected] with the same information and get them to confirm that your config and expectations are correct? Then we can look at whether this is a Debian-specific or upstream issue.
