
Re: Easiest way to get service ticket after obtaining tgt




Jeremiah Martell <inlovewithgod@gmail.com> writes:

> [capaths]
>
> REALM1.COM = {
>  REALM2.COM = .
> }
> REALM2.COM = {
>  REALM1.COM = .
> }

Try removing this section. Direct trust doesn't require [capaths] in
Heimdal (it's implicit).

I think your configuration is wrong; see 4.13 Transit policy in the info
documentation on how to set up [capaths].

What breaks is how the code figures out the next realm to jump to: it takes
the first element of the list. I tried to explain it like this in the info
documentation.

> However the order is important when the `[capaths]' section is used to
> figure out the intermediate realm to go to when doing multi-realm
> transit. When figuring out the next realm, the first realm of the list
> of `PERMITTED-CROSS-REALMS' is chosen. This is done in both the client
> kerberos library and the KDC.


Love

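As an added illustration (not part of the original message and not Heimdal's code), this simplified Python model applies the rule quoted from the documentation, that the first listed realm is chosen as the next hop, to the posted section. `parse_capaths`, `next_realm` and `lint` are hypothetical helpers; treating a missing entry as a direct hop follows the reply's statement that direct trust is implicit, and the realm-name pattern is an assumption.

```python
import re

# Constructed input: the [capaths] section quoted in the post.
POSTED = """
[capaths]
REALM1.COM = {
 REALM2.COM = .
}
REALM2.COM = {
 REALM1.COM = .
}
"""

def parse_capaths(text):
    """Return {client_realm: {server_realm: [values in file order]}}."""
    paths, client, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_section = (line == "[capaths]")
            continue
        if not in_section:
            continue
        if line == "}":
            client = None
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if value == "{":
            client = key
            paths.setdefault(client, {})
        elif client is not None:
            paths[client].setdefault(key, []).extend(value.split())
    return paths

def next_realm(paths, client, server):
    """Model of the quoted rule: the first listed value is the next hop.
    No entry means the hop is treated as direct (implicit trust)."""
    listed = paths.get(client, {}).get(server)
    return listed[0] if listed else server

def lint(paths):
    """Flag entries whose first value is not a realm name (assumed pattern)."""
    return [(c, s, v[0]) for c, m in paths.items() for s, v in m.items()
            if v and not re.fullmatch(r"[A-Z0-9][A-Z0-9.-]*", v[0])]
```

Under this model the posted section makes `.` the next hop in both directions, while an empty configuration yields the server realm itself.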