[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Different Heimdal/MIT behaviour of krb5_get_credentials ?
"Henry B. Hotz" <hotz@jpl.nasa.gov> wrote in message
65054D89-41A4-4CA7-B6A1-9C5059848416@jpl.nasa.gov">news:65054D89-41A4-4CA7-B6A1-9C5059848416@jpl.nasa.gov...
>
> On May 31, 2007, at 11:25 AM, Markus Moeller wrote:
>
>> I have a AD forest with MM.COM with domains DOM1.MM.COM,DOM2.MM.COM and
>> SUB.DOM2.MM.COM which all trust each other. To test the availability of
>> service tickets I created the following short program:
>
> Any particular reason you didn't use kvno (MIT) and kgetcred (Heimdal)?
Not really, only I am not sure if it will achieve what I want. My final
goal is to determine easily for a user/application if a domain has trust to
another. My thought was that the user does a kinit to his domain DOM1 (or an
application kinit against a keytab) and then tries to get a krbtgt for the
unknown domain DOM2. If he gets the tgt they have trust if not they don't.
Does this make sense ?
>
> To properly debug the problem you probably want to look at the kdc logs
> to see what actually got requested as compared to what's available. You
> can also get that info from a tcpdump/snoop, but it's not as easy.
>
> ------------------------------------------------------------------------
> The opinions expressed in this message are mine,
> not those of Caltech, JPL, NASA, or the US Government.
> Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu
>
>
>
Thanks
Markus