So, I'm trying to set up one-way cross-realm auth. We have two realms... realmA and realmB.

On both KDCs, we have created the principal krbtgt/[EMAIL PROTECTED] with the same kvno and the same password. I can even kinit krbtgt/[EMAIL PROTECTED] (which talks to the realmA server) and get a ticket as that principal.

So, here's where things go wacky...

I kinit [EMAIL PROTECTED] - fine.

I then try to do something (ssh for example) that requires a ticket in realm B. Failure with the following error:

Decrypt Integrity Check Failed

- this error also shows up in the realmB KDC log.

A klist shows:

krbtgt/[EMAIL PROTECTED]
krbtgt/[EMAIL PROTECTED]

but, of course, no service ticket.

Any thoughts on what to try/look at? As best I can tell, this should just work, but clearly it isn't.

I haven't figured out if there is a way to kinit krbtgt/[EMAIL PROTECTED] to realmB's servers to verify it isn't somehow mangling the password -- is there a way to do this?

realmB is rhel4u4 - krb5-server-1.3.4-33

I don't know what realmA is as I don't control that KDC.

Thanks!

--
********************************
David William Botsch
Programmer/Analyst
CNF Computing
[EMAIL PROTECTED]
********************************
