On 1106580589 seconds since the Beginning of the UNIX epoch
"Barbat, Calin" wrote:
>
>I try to put it better:
>
>1.) what I use now is:
>
> kinit -k -t /etc/krb5.keytab <princ1>@<REALM1>
>
>and this gets a ticket, which is displayed by klist as "Service Ticket: =
>krbtgt/..."
>
>2.) the only command gettig me some result is=20
>
> kinit -k -t /etc/krb5.keytab <princ1>@<REALM1> -S <princ1>@<REALM1>
>
>which leads to the klist display "Service Ticket: <princ1>@<REALM1>"
>
>3.) when I issue=20
>
> kinit -k -t /etc/krb5.keytab <princ1>@<REALM1> -S <princ2>@<REALM2>
>
>kinit is saying something about "Server not found in kerberos database" =
>or "Client not found in kerberos database".
>
>I suppose, if <princ1>@<REALM1> is to use the service <princ2>@<REALM2> =
>then it has to get a ticket for it. And the other way around, too.
>How is this done best?=20
Well, the first method should work. In general you do not need to
obtain specific tickets for services, you can just use the TGT to
get them. In example 3, you have REALM1 and REALM2: are these different
and if so do you have cross realm trust setup appropriately?
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
