On Jun 1, 2007, at 12:00 PM, Markus Moeller wrote:

> "Henry B. Hotz" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>>
>> On May 31, 2007, at 11:25 AM, Markus Moeller wrote:
>>
>>> I have an AD forest with MM.COM with domains DOM1.MM.COM, DOM2.MM.COM and
>>> SUB.DOM2.MM.COM which all trust each other. To test the availability of
>>> service tickets I created the following short program:
>>
>> Any particular reason you didn't use kvno (MIT) and kgetcred (Heimdal)?
>
> Not really, only I am not sure if it will achieve what I want. My final
> goal is to determine easily for a user/application if a domain has trust to
> another. My thought was that the user does a kinit to his domain DOM1 (or an
> application kinit against a keytab) and then tries to get a krbtgt for the
> unknown domain DOM2. If he gets the tgt they have trust if not they don't.
>
> Does this make sense?

Sure it does. You could do that with the utilities I listed too, but writing your own code you've got more visibility into what's happening. I'm sure you realize it could fail for more reasons than just lack of a trust relationship also.

I've found I can't get away from these little hip-pocket test programs when I need to debug things. Name canonicalization and DNS (or NIS) interactions seem especially problematic in the real world for me.

------------------------------------------------------------------------
The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government.
[EMAIL PROTECTED], or [EMAIL PROTECTED]

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
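
The trust probe discussed in this thread, done with MIT `kvno` and with the failure reason classified, as an added example that is not part of the original messages. The function names, the category labels and the `KVNO` override variable are assumptions of this sketch; the matched strings are MIT krb5 error messages.

```shell
#!/bin/sh
# Added example, not code from the thread. Helper names are hypothetical.

# Map kvno's stderr text to a coarse cause, so that "no trust" is not
# confused with DNS, clock or credential-cache problems.
classify_kvno_error() {
  case "$1" in
    *"Server not found in Kerberos database"*)
      # The KDC has no krbtgt/TARGET principal: no trust, or a mistyped realm.
      echo "no-trust-or-unknown-realm" ;;
    *"Cannot find KDC for realm"*|*"Cannot contact any KDC"*|*"Cannot resolve network address"*)
      echo "dns-or-kdc-unreachable" ;;
    *"Clock skew too great"*)
      echo "clock-skew" ;;
    *"No credentials cache found"*|*"Ticket expired"*)
      # kinit was not run, or the initial TGT is no longer valid.
      echo "no-valid-initial-tgt" ;;
    *"KDC has no support for encryption type"*)
      echo "enctype-mismatch" ;;
    *)
      echo "unclassified" ;;
  esac
}

# check_trust USER_REALM TARGET_REALM
# Requests krbtgt/TARGET_REALM@USER_REALM with the current credential cache.
# KVNO may name a different binary (assumption of this sketch; default: kvno).
check_trust() {
  princ="krbtgt/$2@$1"
  # Capture stderr only; kvno's "principal: kvno = N" line on stdout is dropped.
  if err=$("${KVNO:-kvno}" "$princ" 2>&1 >/dev/null); then
    echo "trust-path-ok"
  else
    classify_kvno_error "$err"
  fi
}

# Usage, after kinit in DOM1.MM.COM:
#   check_trust DOM1.MM.COM DOM2.MM.COM
```
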