incorrect server principal in TGS-REQ
Love Hörnquist Åstrand
lha at kth.se
Thu Nov 23 16:00:12 GMT 2006
>> Windows seems have this habit of sending the first tgs-req to the
>> local realm
>> and trust referrals to redirect the client to the right place.
> Not sure about Heimdal Kerberos, but MIT Kerberos ignores the
> Windows ticket referrals. Double check krb5.conf to make sure it
> is configured properly. If you have an AD forest with multiple
> roots, you will need to manually construct a [capaths] section to
> let the library know how to follow the path of trust.
I don't think the referral matter in the case because its ever sent.
Heimdal KDC will both issue
and the client will follow referrals.
More information about the samba-technical