"Inger, Slav (.)" wrote: > > Hi all, > > I tested cross-realm awhile back and it seemed to work fine, not sure why I'm > running into issues now, maybe I'm forgetting something obvious. Scenario: KDC is > Active Directory, clients are running Solaris and HP-UX with Kerberos and > appropriate patches. I tried going Sun to Sun and HP to HP, didn't get too far with > either. Two clients are in different realms, have good keytabs and good krb5.conf's > (tried with and without [capaths] section). The passwd entries for the user logging > in from one realm to the other are identical on both clients (meaning the same user > is doing cross-realm login). The issue is with authorization, for some reason the > destination machine is not authorizing the user from the source realm. Works the > same with and without .k5login file in user's home dir on the destination host.
Can you send output of kinit -f as well as the .k5login file? [domain_realm] is set up correctly, with two DNS domains referencing their respective realms. The user's cache shows 2 TGTs (for his own realm and one for cross-realm)! > and a host ticket, but he just can't log in. Any idea what's going on here? > Thanks! You say everything is setup correctly, but this may not be the case. Can you give some more output? > > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
