From: Mukul Agarwal <Mukul.Agarwal@citrix.com>
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
Date: Mon, 21 Nov 2011 21:36:08 +0530
Subject: S4U cross realm error

Dear Kerberos experts,

I am working on a use case of constrained delegation wherein I am
trying to get a service ticket for a service using a delegated user on
behalf of an end user. I am experimenting with this using the "kvno" tool, where
I am getting the correct service ticket if the user and service are in the same
realm.

However, I am getting the following error for the cross-realm scenario, when the end
user and service are in different domains (I have set up a 2-way trust for
this).

>kinit -f delegate_user@FOREST2.COM
>kvno -k delegate.keytab -U test1@FOREST1.COM -P cifs/machine-forest2.forest2.com@FOREST2.COM
kvno: Server not found in Kerberos database while getting credentials
for cifs/machine-forest2.forest2.com@FOREST2.COM

Here "delegated_user" (part of forest2) is trying to get a service ticket for
CIFS (in forest2) on behalf of user "test1" (in forest1).

Any help is appreciated.

TIA,
Mukul