Hi everyone,

I'm trying to get cross-realm authentication to work between a Windows 2000 domain (realm WIN.COM) and an MIT KDC (realm i5.COM). I've set up the cross-realm trust on both systems. The client is Windows 2000 Pro and is a member of the Windows domain. On the client and Win KDC site I have used ksetup to add the realm I5 KDC to the registry.

When I log in to the Windows domain and access a Unix service that is registered in Active Directory, I get a service ticket back. When I try to access another service that is registered in the MIT KDC I5, the Windows domain controller just returns a Kerberos error Service Principal Unknown. The TGS request has the canonicalize bit turned on. What am I missing here, given that the Windows domain controller does not return a referral ticket to the client? BTW, the IP domains and the Kerberos realms have the same name.

When I log in to the MIT KDC using another account and try to access a service that is registered in the Windows AD, I get the referral ticket from the MIT KDC and the service ticket from the Windows KDC. So domain-to-realm mapping works from the MIT to the Windows KDC but not vice versa.

Any hint is very much appreciated.

Thanks,
Tom

Kind regards
Thomas Barlen