Docs - Cross-realm service ticket retrieval
Closed this issue · 2 comments
margod commented
It is not clear from the documentation whether cross-realm retrieval of a service ticket is supported or not.
I have a probably quite common use case within an enterprise usage scenario, where a user from realm1.local needs to access a service from realm2.local.
Looking at the implementation (/Kerberos.NET/Client/KerberosClient.cs - 563), it looks like the TGS_REQ is always sent to the KDC of the user's realm rather than to the KDC of the service from the second realm.
SteveSyfuhs commented
Referrals are supported and work just fine.
Kerberos.NET/Kerberos.NET/Client/KerberosClient.cs
Lines 596 to 610 in 794fcd2
margod commented
Misunderstanding of an error related to weak crypto being used for the cross-realm trust. Clearly referrals are supported.