On 02/16/2012 07:55 AM, Greg Hudson wrote: > On 02/15/2012 08:56 PM, luxInteg wrote: >> My question is what is the "Kerberos TGS name" for a kdc? Is it >> krbtgt/REALNAME or krbtgt/fdqn@REALNAME or some such? > It's krbtgt/REALMNAME@REALMNAME. > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos Hi.
We have have krbtgt/REALM@REALM cat /etc/krb5.conf [libdefaults] default_realm = HH3.SITE dns_lookup_realm = false dns_lookup_kdc = true Here is a domain user steve2 logging on in the realm HH3.SITE: Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.3:58331 for krbtgt/hh3.s...@hh3.site Kerberos: Client sent patypes: 149 Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site Kerberos: No preauth found, returning PREAUTH-REQUIRED -- ste...@hh3.site Kerberos: AS-REQ ste...@hh3.site from ipv4:192.168.1.3:60184 for krbtgt/hh3.s...@hh3.site Kerberos: Client sent patypes: encrypted-timestamp, 149 Kerberos: Looking for PKINIT pa-data -- ste...@hh3.site Kerberos: Looking for ENC-TS pa-data -- ste...@hh3.site Kerberos: ENC-TS Pre-authentication succeeded -- ste...@hh3.site using arcfour-hmac-md5 Kerberos: AS-REQ authtime: 2012-02-16T11:51:38 starttime: unset endtime: 2012-02-16T21:51:38 renew till: 2012-02-17T11:51:38 Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1, arcfour-hmac-md5, using arcfour-hmac-md5/arcfour-hmac-md5 Kerberos: Requested flags: renewable-ok HTH, Steve ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos