Hi all,
I just set up a multi-realm KDC on a Linux machine.
The 2 REALMS are named SOLARIS and SOLARIS2.
I want to put a trust relationship between the two REALMS, so I did
the following on each KDC:
addprinc -pw krbtgt/SOLARIS2 krbtgt/[EMAIL PROTECTED]
addprinc -pw krbtgt/SOLARIS krbtgt/[EMAIL PROTECTED]
In order to test cross-realm authentication I tried to single sign on
into a machine in the SOLARIS realm, with a ticket of SOLARIS2. The
SSO doesn't work; however, if I run klist after trying SSO, it
yields:
[EMAIL PROTECTED] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting     Expires            Service principal
03/17/08 04:09:13  03/17/08 15:49:13  krbtgt/[EMAIL PROTECTED]
        renew until 03/17/08 04:09:13
03/17/08 04:09:19  03/17/08 15:49:13  krbtgt/[EMAIL PROTECTED]
        renew until 03/17/08 04:09:13
03/17/08 04:09:19  03/17/08 15:49:13  host/[EMAIL PROTECTED]
        renew until 03/17/08 04:09:13
It seems that the cross-realm authentication works, but the SSO does not.
I can make the system work successfully by inserting the .k5login file
into the home directory of the user who is attempting to SSO on the
machine with a ticket of the SOLARIS2 realm.
I want to ask you:
Am I missing something in the configuration?
Is it necessary to set up a .k5login for each user on the system?
Is it possible to avoid using the .k5login?
Thanks in advance!
Best regards,
Andrea
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos