Hi, thanks for your answer.
Greg Hudson wrote:
> On Tue, 2009-03-24 at 12:48 +0100, Frank Gruellich wrote:
>> in short: are there any shell commands included in the MIT Kerberos
>> Distribution to obtain a specific service ticket once I have a TGT?
> The "kvno" command accomplishes this, if I'm understanding the question
> correctly.

Oh, cool, yes, seems so, at least as a side effect. But for some reason it does not work with the kadmin/admin service principal:

(0) fr...@nmsng [~] % kinit frank/admin
Password for frank/[email protected]:
(0) fr...@nmsng [~] % kvno -q host/[email protected]
(0) fr...@nmsng [~] % kvno -q kadmin/[email protected]
kadmin/[email protected]: KDC policy rejects request while getting credentials
(1) fr...@nmsng [~] % klist
Ticket cache: FILE:/tmp/krb5cc_20000_0mSrwN
Default principal: frank/[email protected]

Valid starting     Expires            Service principal
03/24/09 17:20:10  03/25/09 17:20:10  krbtgt/[email protected]
03/24/09 17:20:28  03/25/09 17:20:10  host/[email protected]

Kerberos 4 ticket cache: /tmp/tkt20000
klist: You have no tickets cached
(1) fr...@nmsng [~] %

It works for host/eloy.example.com, but not for kadmin/admin. I find:

Mar 24 17:20:40 bill krb5kdc[26337]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 10.39.8.15: TGT BASED NOT ALLOWED: authtime 1237911610, frank/[email protected] for kadmin/[email protected], KDC policy rejects request

in krb5kdc's logfile. Any hints what this means? Google doesn't reveal too much for both error messages.

Kind regards,
-- 
Navteq (DE) GmbH
Frank Gruellich
Map24 Systems and Networks
Duesseldorfer Strasse 40a
65760 Eschborn
Germany
Phone: +49 6196 77756-414
Fax: +49 6196 77756-100
USt-ID-No.: DE 197947163
Managing Directors: Thomas Golob, Alexander Wiegand, Hans Pieter Gieszen, Martin Robert Stockman
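
The krb5kdc log line quoted in the message above has a regular layout, so rejected TGS requests can be pulled out of a KDC log mechanically. The following parser is an added example, not part of the original post or of MIT Kerberos; the function names, the EXAMPLE.COM realm and the sample lines (modelled on the quoted log entry) are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# TGS_REQ line layout, following the log excerpt in the message above:
#   TGS_REQ (<n> etypes {..}) <ip>: <STATUS>: authtime <epoch>,
#   [etypes {rep=.. tkt=.. ses=..},] <client> for <service>[, <error>]
TGS_RE = re.compile(
    r"krb5kdc\[\d+\]: TGS_REQ \(\d+ etypes \{(?P<etypes>[\d ]+)\}\) "
    r"(?P<ip>\S+): (?P<status>[^:]+): authtime (?P<authtime>\d+), "
    r"(?:etypes \{[^}]*\}, )?"
    r"(?P<client>\S+) for (?P<service>[^,\s]+)(?:, (?P<error>.+))?$"
)

# Constructed sample lines; EXAMPLE.COM is a placeholder realm.
SAMPLE = [
    "Mar 24 17:20:10 bill krb5kdc[26337]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) "
    "10.39.8.15: ISSUE: authtime 1237911610, etypes {rep=18 tkt=18 ses=18}, "
    "frank/admin@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
    "Mar 24 17:20:28 bill krb5kdc[26337]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) "
    "10.39.8.15: ISSUE: authtime 1237911610, etypes {rep=18 tkt=18 ses=18}, "
    "frank/admin@EXAMPLE.COM for host/eloy.example.com@EXAMPLE.COM",
    "Mar 24 17:20:40 bill krb5kdc[26337]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) "
    "10.39.8.15: TGT BASED NOT ALLOWED: authtime 1237911610, "
    "frank/admin@EXAMPLE.COM for kadmin/admin@EXAMPLE.COM, "
    "KDC policy rejects request",
]

def parse_tgs(line):
    """Parse one krb5kdc TGS_REQ line into a dict, or None if it is not one."""
    m = TGS_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["etypes"] = [int(e) for e in rec["etypes"].split()]
    # authtime is the epoch time of the initial authentication (the TGT)
    rec["authtime"] = datetime.fromtimestamp(int(rec["authtime"]), timezone.utc)
    return rec

def rejected(lines):
    """Return the TGS requests whose status is anything other than ISSUE."""
    return [r for r in map(parse_tgs, lines) if r and r["status"] != "ISSUE"]

def summarize(lines):
    """Count rejected requests per (client, service, status) triple."""
    return Counter((r["client"], r["service"], r["status"]) for r in rejected(lines))
```
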
