---- Original message ---- >Date: Sat, 15 Jul 2006 23:18:53 -0300 >From: "Gustavo Rios" <[EMAIL PROTECTED]> >Subject: Kerberos >To: misc@openbsd.org > >Well, here i am again. > >I was expecting that the granted ticket always hold the address to >which it is valid. After obtaining a ticket by means of kinit, i got >the following: > >$ kinit >[EMAIL PROTECTED]'s Password: >$ klist -v >Credentials cache: FILE:/tmp/krb5cc_1000 > Principal: [EMAIL PROTECTED] > Cache version: 4 > >Server: krbtgt/[EMAIL PROTECTED] >Ticket etype: des3-cbc-sha1, kvno 1 >Auth time: Jul 15 23:11:42 2006 >End time: Jul 16 03:11:42 2006 >Renew till: Aug 14 23:11:42 2006 >Ticket flags: renewable, initial >Addresses: >
just checked this on a local machine and the addresses field is filled out correctly. the IP also follows the ticket when using a forwardable one (kinit -f). look at the default krb5.conf that comes with openbsd and add options until you find which one breaks this. you may have to fish online for some of the option descriptions since stuff like correct_des3_mic aren't in the manpage for krb5.conf. is there any plan to update the manpage with these missing options? >The address information line is empty. I don't understand why! > >Here you have my krb5.conf: > <insert giant config file>