On Tue, Jul 14, 2020 at 3:55 PM Jonathan Towles wrote:
>
> I got it to work if I reference the UPN in the command.
>
> The application is doing AS-Requests.
Note that S4U2Self would also use AS-REQ for the client-referrals step
(when enterprise names are used), and then switch to TGS-REQ for the
On Tue, Jul 14, 2020 at 3:37 PM Jonathan Towles wrote:
>
> I'm working with an application inside of a Docker container that uses GSS to
> do Kerberos Constrained Delegation.
Constrained Delegation (S4U2Proxy) is a way to get a service ticket,
but the client name is determined in a preceding ste
Isaac Boukris
Sent: Tuesday, July 14, 2020 9:54 AM
To: Jonathan Towles
Cc: Bryan Mesich ; kerberos@mit.edu
Subject: Re: Kerberos Database Sync with Sub-Domains
On Tue, Jul 14, 2020 at 3:37 PM Jonathan Towles wrote:
>
> I'm working with an application inside of a Docker container that u
erberos@mit.edu
Subject: Re: Kerberos Database Sync with Sub-Domains
On Tue, Jul 14, 2020 at 3:22 PM Jonathan Towles wrote:
>
> So by using enterprise principal names, you can essentially point it at the
> parent domain KDC, and it can get a ticket for even users in the sub-domains?
Clie
On Tue, Jul 14, 2020 at 3:22 PM Jonathan Towles wrote:
>
> So by using enterprise principal names, you can essentially point it at the
> parent domain KDC, and it can get a ticket for even users in the sub-domains?
Client-referrals are used to locate the realm, see details in RFC 6806.
> That's
m) 978-609-5545
-Original Message-
From: Isaac Boukris
Sent: Tuesday, July 14, 2020 8:38 AM
To: Jonathan Towles
Cc: Bryan Mesich ; kerberos@mit.edu
Subject: Re: Kerberos Database Sync with Sub-Domains
On Tue, Jul 14, 2020 at 2:23 PM Jonathan Towles wrote:
>
> Hi Bryan,
>
&g
g in the sub-domains
>
> I'm not sure if you can actually make #2 work or not. When I have tried, I
> get user not found in the database issues.
>
> Jon Towles
> CTO, Synterex
> (m) 978-609-5545
>
>
>
> -Original Message-----
> From: Bryan Mesich
&g
not sure if you can actually make #2 work or not. When I have tried, I get
user not found in the database issues.
Jon Towles
CTO, Synterex
(m) 978-609-5545
-Original Message-
From: Bryan Mesich
Sent: Monday, July 13, 2020 11:01 PM
To: Jonathan Towles
Cc: kerberos@mit.edu
Subject: Re: Ke
On Mon, Jul 13, 2020 at 06:58:39PM +, Jonathan Towles wrote:
> Hi All,
Hello,
> I wanted to ask a question that I have been unable to get clear information
> on.
>
> Is it technically or functionally possible to get a Kerberos ticket for
> someone in the sub-domain against the parent doma
