On Sat, May 24, 2008 at 10:05:26AM -0700, Russ Allbery wrote:
> NEWS.Debian is correct. The documentation predates referral support.
> Thanks, I'll work on getting this fixed, hopefully for the next upstream
> release.
I was not able to find that in the code, but some parts of the old
behaviour seems to be still there:
| $ kvno host/$somehost@
| kvno: KDC returned error string: PROCESS_TGS while getting credentials for
host/$somehost@
| $ klist
| Default principal: [EMAIL PROTECTED]
|
| Valid starting Expires Service principal
| 06/03/08 15:13:13 06/04/08 01:13:13 krbtgt/[EMAIL PROTECTED]
| renew until 06/04/08 15:13:11
| 06/03/08 15:15:26 06/04/08 01:13:13 krbtgt/[EMAIL PROTECTED]
| renew until 06/04/08 15:13:11
log:
| TGS_REQ [...]: UNKNOWN_SERVER: authtime 1212498967, [EMAIL PROTECTED] for
host/[EMAIL PROTECTED], Server not found in Kerberos database
| TGS_REQ [...]: ISSUE: authtime 1212498967, etypes {rep=18 tkt=18 ses=18},
[EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]
After trying to find the principal in the default realm, it seems to use
the old behaviour and tries to find a trust path to the domain derived
realm. The domain_realm section in the config is empty.
Bastian
--
We fight only when there is no other choice. We prefer the ways of
peaceful contact.
-- Kirk, "Spectre of the Gun", stardate 4385.3
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
