> That is the only way to do it. There is no term called > "pass-through" authentication within Kerberos. The > authentication between the MIT and Microsoft realms are based > on cross-realm trusts. This is exactly what is described on the page:
I guess I am using the phrase "pass-through" authentication as it is referenced below: http://acd.ucar.edu/~fredrick/linux/kerberos/testbed.html (e.g. a workstation on a domain authning against Krb and authzing against AD as opposed to a standalone workstation doing the same thing). Sorry for my misunderstandings. That being the case, when a user tries to login using [EMAIL PROTECTED], I do see a request hit the KDC but the user still does not get logged in. According to the logs, I see an AS_REQ "[EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED]". In my principles on the KDC machine (montyburns), I have [EMAIL PROTECTED], krbtgt/[EMAIL PROTECTED], krbtgt/[EMAIL PROTECTED] and krbtgt/[EMAIL PROTECTED] (as well as the kadmin ones that are created at install). What else should I look at? ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
