Indirect Cross-realm trust does not work

Solution Unverified - Updated -

Issue

I've created a one way trust between 3 realms, (A,B & C) B tursts A, and C trusts B, and from a client (belongs to A) I can get kvno host/server@C .. but the sshd on realm C complain the cross-realm ticket is illegal, the [capaths] configured as follows.

   A = { 
    C = B
    B = . 
    }
 B = { 
     C = . 
    }

Steps Followed:

  1. Created an indirect trust
  2. Configured [cpaths] section on all nodes
  3. tried to access a service on indirectly trusted domain.

Actual results: sshd returns "Illegal Cross-realm ticket" error.

Expected results: sshd accpt the ticket if turst (and cpaths) are configured properly.

  • Tried to use a RHEL5 machine on the target REALM and I'm able to access the service with no issues.

Environment

  • Red Hat Enterprise Linux 6
  • krb5-libs-1.10.X.Y

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content