[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 4.6. "Message stream modified"
Next Document: 4.8. "Couldn't authenticate to server: Bad sendauth version was sent"
-
Search the FAQ Archives
Single Page
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 4.6. "Message stream modified"
Next Document: 4.8. "Couldn't authenticate to server: Bad sendauth version was sent"
4.7. "Illegal cross-realm ticket"
This means that you were using transitive cross-realm authentication and that the authentication path wasn't valid. Question 2.15 explains in greater detail how to configure transitive cross-realm authentication. Note that currently you need to set up your configuration file correctly on every application server, since currently it is the application servers that enforce this restriction. In the next version of the Kerberos protocol it will be possible to have the KDC do the transitive realm check.
Top Document: Kerberos FAQ, v2.0 (last modified 8/18/2000)
Previous Document: 4.6. "Message stream modified"
Next Document: 4.8. "Couldn't authenticate to server: Bad sendauth version was sent"
Single Page
[ Usenet FAQs | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Last Update October 22 2009 @ 05:26 AM