Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!bionet!agate!shelby!USC.EDU!alfonso%agena.usc.edu
From: alfonso%agena.usc.edu@USC.EDU (Tasha Alfonso)
Newsgroups: comp.protocols.kerberos
Subject: Re: inter-realm authentication
Message-ID: <9007130118.AA00315@agena.usc.edu>
Date: 13 Jul 90 01:18:22 GMT
References: <9007121723.AA10813@delwin.MIT.EDU>
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 38



Jon, thanks for your reply.

	It's very important that krbtgt.USC2.EDU@USC.EDU and
	krbtgt.USC.EDU@USC2.EDU both have the same private keys.  Is this the
	case?  It isn't clear to me from your message if you did that
	part correctly.  

Yes, krbtgt.USC2.EDU@USC.EDU and krbtgt.USC.EDU@USC2.EDU have the same
private key.


	Which of these tickets do you get?  What do the kerberos.log files on
	both servers say?

		-- Jon


We get only the first ticket:

Principal:      root@USC.EDU

  Issued           Expires          Principal
Jul 12 17:58:11  Jul 13 01:58:11  krbtgt.USC.EDU@USC.EDU


The kerberos log on USC.EDU reads:

12-Jul-90 17:57:49 Getting key for USC.EDU
12-Jul-90 17:58:08 Initial ticket request Host: 128.125.51.1 User:
"root" ""
12-Jul-90 17:58:45 APPL Request root.@USC.EDU on 128.125.51.1 for visa.pompei
12-Jul-90 17:58:45 UNKNOWN "visa" "pompei"

Thanks,

Tasha