On 10/3/05, Markus Moeller <[EMAIL PROTECTED]> wrote: > Can you describe what you have done ? When you always get a NTLM token it > normally means that there is no key for this service in your kdc. Check > that you don't use CNAMEs. Use kerbtray on your Windows machine to see > which tickets are available for IE.
Hi Markus, You are right - I do not have the key for my web server in my KDC. I have read Achim's manual and have discovered that I missed that point - creation of service realm for my web server. In my case it is HTTP/[EMAIL PROTECTED] With "klist.exe tickets" command I see the following tickets in cache on my workstation (Win2000): Server: krbtgt/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/4/2005 22:28:03 Renew Time: 10/11/2005 9:28:03 Server: krbtgt/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/4/2005 18:55:26 Renew Time: 10/11/2005 5:55:26 Server: ldap/GVW001.internal.epo.org/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/4/2005 18:55:26 Renew Time: 10/11/2005 5:55:26 Server: LDAP/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/4/2005 18:55:26 Renew Time: 10/11/2005 5:55:26 Server: HOST/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/4/2005 18:55:26 Renew Time: 10/11/2005 5:55:26 Server: ldap/GVW002.internal.epo.org/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/4/2005 18:55:26 Renew Time: 10/11/2005 5:55:26 Server: LDAP/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/4/2005 18:55:26 Renew Time: 10/11/2005 5:55:26 Server: HOST/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/3/2005 23:44:21 Renew Time: 10/10/2005 10:44:21 Server: HOST/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/3/2005 23:44:21 Renew Time: 10/10/2005 10:44:21 Server: HOST/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/3/2005 23:44:21 Renew Time: 10/10/2005 10:44:21 Server: HOST/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/3/2005 23:44:21 Renew Time: 10/10/2005 10:44:21 Server: host/[EMAIL PROTECTED] KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) End Time: 10/3/2005 23:44:21 Renew Time: 10/10/2005 10:44:21 I guess I should have had a ticket for HTTP/[EMAIL PROTECTED] as well -- Thanks, Siarhei Baidun ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
