[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Easiest way to get service ticket after obtaining tgt

To: Love Hörnquist Åstrand <lha@kth.se>
Subject: Re: Easiest way to get service ticket after obtaining tgt
From: Jeremiah Martell <inlovewithgod@gmail.com>
Date: Tue, 18 Oct 2005 10:54:15 -0400
Cc: "Douglas E. Engert" <deengert@anl.gov>, Buck Huppmann <buckh@pobox.com>, heimdal-discuss@sics.se
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=bUHph4lCST3nTtsDC1oh4sngb0DWEv6kff2snfO+mcdE6CNT5NOEFL07cmEL3geR9X2h68UBLQ7E64XOvrPRk0IMSZjUEIA9cnlG7NA0ceKQhbUpDk8ihL4BnF0OOO8Qyhfyvho4AUgQTOEH42X5X96IETS9x3OystOgR+pBt4Q=
In-Reply-To: <m2fyqygaex.fsf@c80-217-232-48.cm-upc.chello.se>
References: <233eb300510121232j6650ca0fpe8464258bf1c107f@mail.gmail.com> <233eb300510131314x2a04036ye77d8dea3d23ddef@mail.gmail.com> <20051014210121.GA9444@dsl092-173-085.wdc2.dsl.speakeasy.net> <233eb300510140504r78c4554dkec7de2bcce124a42@mail.gmail.com> <233eb300510140808u32bb8a0eybb38f846b0f6b635@mail.gmail.com> <20051015123524.GA3369@dsl092-173-085.wdc2.dsl.speakeasy.net> <233eb300510170957i334bad82n304c5c2bb913003f@mail.gmail.com> <4354150A.4030707@anl.gov> <233eb300510180728w7ac13061u7123e855de74e197@mail.gmail.com> <m2fyqygaex.fsf@c80-217-232-48.cm-upc.chello.se>
Sender: owner-heimdal-discuss@sics.se

WOWZERS! :-)

That did the job. Removing the "REALM.COM = ." fixed the problem!!!

Thanks a lot for everyone who has helped with his problem. I really appreciate it! :-)

A very happy man,
- Jeremiah
inlovewithGod@gmail.com

On 10/18/05, Love Hörnquist Åstrand <lha@kth.se > wrote:

Jeremiah Martell <inlovewithgod@gmail.com > writes:

> [capaths]
>
> REALM1.COM = {
> REALM2.COM = .
> }
> REALM2.COM = {
> REALM1.COM = .
> }

Try removing this section. Direct trust doesn't require [capaths] in
Heimdal (its implicit).

I think you configuration is wrong, see 4.13 Transit policy in the info
documentation on how to set up [capaths].

What breaks is how the code figure out the next realm to jump to, it takes
the first element of the list. I tried explained it like this in the info
documentation.

> However the order is important when the `[capaths]' section is used to
> figure out the intermediate realm to go to when doing multi-realm
> transit. When figuring out the next realm, the first realm of the list
> of `PERMITTED-CROSS-REALMS' is chosen. This is done in both the client
> kerberos library and the KDC.

Love

--
- Jeremiah
inlovewithGod@gmail.com

References:
- Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: "Douglas E. Engert" <deengert@anl.gov>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Jeremiah Martell <inlovewithgod@gmail.com>
- Re: Easiest way to get service ticket after obtaining tgt
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: Easiest way to get service ticket after obtaining tgt
Next by Date: pkinit, openssl engines, and cert retrieval.
Prev by thread: Re: Easiest way to get service ticket after obtaining tgt
Next by thread: Re: Easiest way to get service ticket after obtaining tgt
Index(es):
- Date
- Thread