Kerberos

Gustavo Rios Sat, 15 Jul 2006 19:24:52 -0700

Well, here i am again.

I was expecting that the granted ticket always hold the address to
which it is valid. After obtaining a ticket by means of kinit, i got
the following:


$ kinit
[EMAIL PROTECTED]'s Password:
$ klist -v
Credentials cache: FILE:/tmp/krb5cc_1000
       Principal: [EMAIL PROTECTED]
   Cache version: 4

Server: krbtgt/[EMAIL PROTECTED]
Ticket etype: des3-cbc-sha1, kvno 1
Auth time:  Jul 15 23:11:42 2006
End time:   Jul 16 03:11:42 2006
Renew till: Aug 14 23:11:42 2006
Ticket flags: renewable, initial
Addresses:

The address information line is empty. I don't understand why!

Here you have my krb5.conf:

[appdefaults]
       forwardable = no
       proxiable = no
#       no-addresses = no
       ticket_lifetime = 14400
       renew_lifetime = 3600
#       encrypt =
#       forward =

[libdefaults]
       default_realm = SSO.NET
       clockskew = 300
       kdc_timeout = 4
#       v4_name_convert
#       v4_instance_resolve
#       capath = { }
#       default_etypes = arcfour-hmac-md5
#       default_etypes_des = des-cbc-crc
       default_keytab_name = FILE:/etc/kerberosV/krb5.keytab
       dns_lookup_kdc = yes
       dns_lookup_realm = no
       kdc_timesync = yes
#       max_retries = 4
       ticket_lifetime = 14400
#       renew_lifetime = 3600
       forwardable = no
#       proxiable = yes
       verify_ap_req_nofail = yes
#       warn_pwexpire = 86400
#       http_proxy =
#       dns_proxy =
#       extra_addresses =
#       time_format =
#       date_format =
       log_utc = yes
       scan_interfaces = no
#       fcache_version =
#       krb4_get_tickets = no
#       fcc-mit-ticketflags = yes

[domain_realm]
       .my.domain = SSO.NET

[realms]
       SSO.NET = {
               kdc = etosha.my.domain
               admin_server = etosha.my.domain
               kpasswd_server = etosha.my.domain
#               krb524_server =
#               v4_instance_convert
#               v4_name_convert
#               default_domain
#               tgs_require_subkey
       }

#[capaths]
#       CLIENT-REALM = {
#               SERVER-REALM = hop-realm
#       }

[logging]
       kadmind = FILE:/var/heimdal/kadmind.log
       kdc = STDERR
       default = STDERR

[kdc]
       database = {
#               dbname =
               realm = SSO.NET
#               mkey_file =
#               acl_file =
#               log_file =
       }
       max-request = 1024
#       require-preauth = yes
#       ports =
       addresses = 10.0.0.2
       enable-kerberos4 = no
#       v4-realm = SSO.NET
       enable-524 = no
       enable-http = no
       enable-kaserver = no
#       check-ticket-addresses = yes
#       allow-null-ticket-addresses = no
       allow-anonymous = no
#       enable_as_rep_as_tgs_rep = no
       kdc_warn_pwexpire = 86400
#       logging =
#       use_2b =

[kadmin]
#       require-preauth = yes
       default_keys = v5
       use_v4_salt = no

Kerberos

Reply via email to