Re: [BUG] JGSS is querying wrong realm for service ticket and fails ultimately

2024-08-30 Thread Osipov, Michael (IN IT IN)
On 2024-08-30 14:44, Wei-Jun Wang wrote: Hi Michael, Java starts from the default KDC and it expects a referral could happen. I guess you mean default realm's KDC, not default KDC? If so, it fails because the KDC is not entitled to send referrals. Does MIT krb5 always start from the clien

Re: [BUG] JGSS is querying wrong realm for service ticket and fails ultimately

2024-08-30 Thread Osipov, Michael (IN IT IN)
Let me perform an in-depth analysis with python-gssapi and give you the behavior with MIT Kerberos compared to JGSS. Something is fishly here. Michael On 2024-08-30 14:44, Wei-Jun Wang wrote: Hi Michael, Java starts from the default KDC and it expects a referral could happen. Does MIT krb5 a

Re: [BUG] JGSS is querying wrong realm for service ticket and fails ultimately

2024-08-30 Thread Wei-Jun Wang
Hi Michael, Java starts from the default KDC and it expects a referral could happen. Does MIT krb5 always start from the client’s own KDC? If you change the default realm to AD001.SIEMENS.NET, does it work? Does it work with your other scenarios? Thanks, Max On Aug 3

[BUG] JGSS is querying wrong realm for service ticket and fails ultimately

2024-08-30 Thread Osipov, Michael (IN IT IN)
Folks, please consider the following case/bug with JGSS: Tried with OpenJDK 8u4xx, can try newer, but doubt that it will be any different. * KDCs are Active Directory * Machine: member of INNOMOTICS.NET * krb5.conf: Default realm is INNOMOTICS.NET * Client: Logged in from a different realm in