Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-RT-Original-Encoding: us-ascii Content-Length: 1049 Dear Kerberos experts, I am working on some use case of constrained delegation wherein I am trying to get service ticket for a service using delegated user on behalf of an end user. I am experimenting this using "kvno" tool where I am getting correct service ticket if user and service is in the same realm. However I am getting following error for cross realm scenario when end user and service is in different domain (I have setup 2 way trust for this). >kinit -f delegate_user@FOREST2.COM >kvno -k delegate.keytab -U test1@FOREST1.COM -P cifs/machine-forest2.forest2.com@FOREST2.COM kvno: Server not found in Kerberos database while getting credentials for cifs/machine-forest2.forest2.com@FOREST2.COM Here "delegated_user" (part of forest2) is trying to get service ticket for CIFS (in forest2) on behalf of user "test1" (in forest1). Any help is appreciate. TIA, Mukul