Path: utzoo!attcan!uunet!cs.utexas.edu!uwm.edu!bionet!agate!shelby!MIT.EDU!jon
From: jon@MIT.EDU (Jon A. Rochlis)
Newsgroups: comp.protocols.kerberos
Subject: Re: inter-realm authentication
Message-ID: <9007130153.AA11138@delwin.MIT.EDU>
Date: 13 Jul 90 01:53:31 GMT
References: <9007130118.AA00315@agena.usc.edu>
Sender: daemon@shelby.Stanford.EDU
Organization: The Internet
Lines: 30


   
   We get only the first ticket:
   
   Principal:      root@USC.EDU
   
     Issued           Expires          Principal
   Jul 12 17:58:11  Jul 13 01:58:11  krbtgt.USC.EDU@USC.EDU
   
   
   The kerberos log on USC.EDU reads:
   
   12-Jul-90 17:57:49 Getting key for USC.EDU
   12-Jul-90 17:58:08 Initial ticket request Host: 128.125.51.1 User:
   "root" ""
   12-Jul-90 17:58:45 APPL Request root.@USC.EDU on 128.125.51.1 for visa.pompei
   12-Jul-90 17:58:45 UNKNOWN "visa" "pompei"
   
Tasha, 

You should not be seeing the last 2 lines in the USC.EDU logs.  You
should see only see the request for the TGT for USC2.  The USC2 log
should have a request for visa.pompei.

Are you sure that your application is putting USC2.EDU in the service
realm field for the call to krb_sendauth or krb_mk_req (whichever you
use)?  It looks like the application isn't doing that and it's
defaulting to the local realm (USC.EDU).

		-- Jon