I am very new to Kerberos authentication and am having problems getting
a ticket for users on multiple AD realms.
The client OS is OS X 10.4.x, using LDAP mappings and /etc/authorization
for a Kerberos ticket at the login window.

The user names are like this:

This is what my edu.mit.kerberos file looks like:

[libdefaults]
    default_realm = DOM1.WIN

[realms]
    DOM1.WIN = {
        admin_server = server1.dom1.win.:749
        kdc = server1.dom1.win.:88
    }
    DOM2.WIN = {
        admin_server = server1.dom2.win.:749
        kdc = server1.dom2.win.:88
    }

The first thing is that I don't believe @DOM1 is mapping to DOM1.WIN;
it just defaults to DOM1.WIN in the edu.mit.kerberos file. As a consequence,
this user (firstname.lastname@DOM1) gets a ticket.
So when firstname.lastname@DOM2 tries, it can't resolve to DOM2, so it defaults
to DOM1.WIN in the edu.mit.kerberos file and fails to get a ticket.

Does anyone have any ideas on the way forward here? I am really stuck!

Any help would be much appreciated!

Ben W Young
Technology Services Administrator
