Reading the docs on cross-realm authentication is making me go cross-eyed ;). I'll try my best to explain what it is I'm wanting to do with cross-realm authentication.
We have two realms: 1) COLOSTATE.EDU and 2) ENGR.COLOSTATE.EDU (my realm). The top realm is going to house just user principals with passwords, and my realm will house just my host principals. So what I want to happen is: when a user tries to log in to one of my workstations, it will go to my KDC; my KDC will say "I don't know this user" and so will pass it on to the COLOSTATE.EDU KDC server. The COLOSTATE.EDU KDC will say "yes, I know this user" and then pass the authentication on down to my KDC and then on to the client, so the user will be able to log in.
The reason I have to do this is that the network guys for CSU don't want me to log in to their KDC server, and they don't want to enter in all my host principals. So we're trying to find a workaround.
Here is what my krb5.conf file looks like:

    # krb5.conf template
    #
    [libdefaults]
        default_realm = ENGR.COLOSTATE.EDU

    [realms]
        ENGR.COLOSTATE.EDU = {
            kdc = kerberos.engr.colostate.edu
            admin_server = kerberos.engr.colostate.edu
        }
        COLOSTATE.EDU = {
            kdc = kdc1.KERBEROS.ColoState.EDU:88
            admin_server = kdc1.KERBEROS.ColoState.EDU:749
            default_domain = kerberos.colostate.edu
        }

    [capaths]
        ENGR.COLOSTATE.EDU = {
            COLOSTATE.EDU = .
        }

    [domain_realm]
        .engr.colostate.edu = ENGR.COLOSTATE.EDU

Can anyone see what I'm doing wrong?
---------------------------------------------------------------------------
C. J. Keist                     Email: [EMAIL PROTECTED]
UNIX/Network Manager            Phone: 970-491-0630
Engineering Network Services    Fax:   970-491-5569
College of Engineering, CSU
Ft. Collins, CO 80523-1301

"All I want is a chance to prove 'Money can't buy happiness'"
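
Added example, not part of the original post: a small Python check that reads a `[capaths]` stanza and lists the cross-realm TGT principals (`krbtgt/<next realm>@<current realm>`) a client needs for a given client realm and service realm. In `[capaths]` the subsection name is the client's realm and each relation names a service realm, so the login described above (users in COLOSTATE.EDU, hosts in ENGR.COLOSTATE.EDU) is the COLOSTATE.EDU to ENGR.COLOSTATE.EDU direction. The function names and the `SAMPLE` text are constructed for this illustration.

```python
import re

# Constructed sample: the [capaths] stanza from the post, one relation per line.
SAMPLE = """\
[capaths]
    ENGR.COLOSTATE.EDU = {
        COLOSTATE.EDU = .
    }
"""

def parse_capaths(text):
    """Return {client_realm: {service_realm: [intermediate realms or '.']}}."""
    paths, section, client = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                               # new top-level section
            section, client = header.group(1), None
        elif section != "capaths":
            continue
        elif line == "}":                        # end of a client-realm subsection
            client = None
        elif line.endswith("{"):                 # "CLIENT.REALM = {"
            client = line.split("=", 1)[0].strip()
            paths.setdefault(client, {})
        elif client and "=" in line:             # "SERVICE.REALM = hop"
            service, hop = (p.strip() for p in line.split("=", 1))
            paths[client].setdefault(service, []).append(hop)
    return paths

def tgt_chain(paths, client_realm, service_realm):
    """Cross-realm TGT principals for this direction, or None when [capaths]
    has no explicit entry for it."""
    hops = paths.get(client_realm, {}).get(service_realm)
    if hops is None:
        return None
    realms = [client_realm] + [h for h in hops if h != "."] + [service_realm]
    return [f"krbtgt/{nxt}@{cur}" for cur, nxt in zip(realms, realms[1:])]

if __name__ == "__main__":
    p = parse_capaths(SAMPLE)
    for c, s in [("ENGR.COLOSTATE.EDU", "COLOSTATE.EDU"),
                 ("COLOSTATE.EDU", "ENGR.COLOSTATE.EDU")]:
        print(f"{c} -> {s}: {tgt_chain(p, c, s)}")
```

A `None` result means only that `[capaths]` has no explicit entry for that direction; it does not by itself say whether a trust path exists.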
