On 07/11/12 16:01 +0800, John/SML wrote:
> Hi Dan,
>
> When I check the Kerberos messages, TGS-REP shows :-
>
> TGS-REP
> Client realm : SML.CITIZEN.CO.JP
> Client name (Principal): host/imapsv04.sml.citizen.co.jp
> Name-type: Principal(1)
> Name: host
> Name: imapsv04.sml.citizen.co.jp

1. What command or event was occurring while this was captured?
2. Are the KDC and OpenLDAP servers the same in both cases (is it just the client that has changed)?
3. What ldapwhoami command are you using (please include all command line options)?

host/<hostname> is standard for operations performed while running as root on a given host. If this was generated while performing an ldapwhoami, then your klist should show:

#~ klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: host/imapsv04.sml.citizen.co.jp@xxxxxxxxxxxxxxxxx

  Issued           Expires          Principal
...

What service ticket was in the corresponding TGS-REQ? Was there a request for a ldap/a.b.c@B.C ticket? Does it exist in your KDC database?

> On the working system (Heimdal 1.0.1 + SASL 2.1.22), the TGS-REP should be my Kerberos principal :-
>
> TGS-REP
> Client realm : SML.CITIZEN.CO.JP
> Client name (Principal): john
> Name-type: Principal(1)
> Name: john
> Ticket : ......
> Server name (service and host): ldap/tunis.pvd.citizen.co.jp
> .....
-- Dan White