Re: Easiest way to get service ticket after obtaining tgt

[Jeremiah Martell <inlovewithgod@gmail.com>]

Nope, that's my mail client being too smart for me. I don't have the
http:// in there. Just "LDAPREALM" plus a period "." plus the
"COM"  :-)

 - Jeremiah

On 10/14/05, Buck Huppmann <buckh@pobox.com> wrote:

On Thu, Oct 13, 2005 at 04:14:30PM -0400, Jeremiah Martell wrote:
> This is still not working for me. An ethereal trace shows me trying to get a
> ticket for "krbtgt/.", which is really strange.

> // the following values are hard-coded for now.
> // make principal for server. works, but is it correct?
> krb5_make_principal( krbcontext, &server,
> "LDAPREALM.COM <http://LDAPREALM.COM>",
> "ldap/ldaprealm.com", NULL );

is this some sort of artifact of your MUA? or do you literally have
that ``<http://...>'' junk in the realm string? if so, then it's pos-
sible to imagine heimdal (or any implementation) getting confused and
trying to get a cross-realm TGT for the ``.'' realm, in order to get a
cross-realm TGT for the ``COM>'' realm, in order to get . . .