Hi Tim,
when I try I obtain this result :
java.lang.ClassCastException: java.lang.NegativeArraySizeException incompatible
with com.ibm.security.krb5.KrbException
at com.ibm.security.krb5.g.a(g.java:78)
at com.ibm.security.krb5.g.a(g.java:10)
at com.ibm.security.krb5.internal.tools.Kinit.a(Kinit.java:126)
at com.ibm.security.krb5.internal.tools.Kinit.<init>(Kinit.java:65)
at com.ibm.security.krb5.internal.tools.Kinit.main(Kinit.java:150)
com.ibm.security.krb5.KrbException, code état : 0
message : java.lang.ClassCastException:
java.lang.NegativeArraySizeException incompatible with
com.ibm.security.krb5.KrbException
Is it an issue with my keytab file ?
Regards.
Flavien.
-----Message d'origine-----
De : Tim Alsop [mailto:tim.al...@cybersafe.com]
Envoyé : dimanche 3 janvier 2010 11:24
À : BOUCHER, Flavien; kerberos@mit.edu
Objet : RE: Kerberos multi domain - Update
Flavien,
Have you tried:
kinit user_n...@msdemo2
Thanks,
Tim
-----Original Message-----
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On Behalf Of
BOUCHER, Flavien
Sent: 03 January 2010 09:01
To: kerberos@mit.edu
Subject: Re: Kerberos multi domain - Update
Hi,
thaks for your answer Edward. My two KDC have distinct IP @ and port.
I have done a test with KINIT. When I run 'KINIT -A user_name' , the KINIT
command build user_n...@msdemo<mailto:user_n...@msdemo> , MSDEMO is the
default_realm setup in my krb5.conf. How could I obtain
user_n...@msdemo2<mailto:user_n...@msdemo2> except by changing default_realm in
krb5.conf ?
Regards.
Flavien.
Date: Sat, 02 Jan 2010 15:10:56 +1300
From: Edward Murrell <edw...@murrell.co.nz>
Subject: Re: Kerberos multi domain
To: "kerberos@mit.edu" <kerberos@mit.edu>
Message-ID: <1262398256.2052.29.ca...@boyle>
Content-Type: text/plain; charset="UTF-8"
As far as I know, MIT kerberos can run multiple KDC's from the same machine,
but each realm needs to have it's own IP or set of ports.
On Fri, 2010-01-01 at 13:19 +0100, BOUCHER, Flavien wrote:
> Hi,
>
> I need to setup kerberos for six distinct domain, there is no trust
> relationship between each domain.
> When I setup one domain by one, it's working.
>
> After testing each domain one by one, I merge the keytab file, and change the
> krb5.conf file:
>
> [libdefaults]
> default_realm = MSDEMO
> default_keytab_name =
> FILE:C:\Kerberos\lcserver01.keytab<file:C:/Kerberos/lcserver01.keytab>
> default_tkt_enctypes = rc4-hmac des-cbc-md5
> default_tgs_enctypes = rc4-hmac des-cbc-md5
> forwardable = true
> renewable = true
> noaddresses = true
> clockskew = 300
> [realms]
> MSDEMO = {
> kdc = dc.msdemo.local:88
> default_domain = dc.msdemo.local
> }
>
> MSDEMO2 = {
> kdc = dc2.msdemo2.local:88
> default_domain = msdemo2.local
> }
> [domain_realm]
> .msdemo.local = MSDEMO
> .msdemo2.local = MSDEMO2
>
>
> When I merge the keytab of this two domains and change the krb5.conf, just
> the authentication for MSDEMO is working.
> When I change the krb5.conf, and enter default_realm = MSDEMO2, the
> authentication is working for MSDEMO2.
>
> It's possible to make the authentication works for the both domain in the
> same time ?
>
> Regards.
>
> Flavien.
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
____________________________________________________________
Flavien Boucher / Sogeti / Paris France
Mob. : +33 (0) 6.07.72.60.67
www.sogeti.com<http://www.sogeti.com/>
Email : flavien.a.bouc...@sogeti.com<mailto:flavien.a.bouc...@sogeti.com>
6-8 rue Duret / 75016 Paris
Join the Collaborative Business Experience
____________________________________________________________
P
Please consider the environment and do not print this email unless absolutely
necessary. Sogeti encourages environmental awareness.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
