"The [domain_realm] section provides a translation from a domain name or
hostname to a Kerberos realm name"
^^^^^^^^

from:
http://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.2/doc/krb5-admin/domain_realm.html#domain_realm

You may have to add the individual hostnames.

Or add more DNS subdomains and rename your hosts to distinguish between the
realms; you imply it is a "test.domain".

yangurazov, rinat wrote:

Hello,

Could anyone help me understand how the [domain_realm] section should look
for multiple Kerberos realms configured in a single DNS domain?

For example:
DNS domain name = test.domain.com
REALM1 = test.domain.com
REALM2 = windows.root.realm
REALM3 = child1.windows.root.realm
REALM4 = child2.windows.root.realm
REALM5 = linux.test.domain.com
REALM6 = solaris.test.domain.com


The idea is to have all realms in the krb5.conf file on the server so that,
depending on which REALM the request came from, it will talk to the right KDC
(all KDCs are in the same DNS zone).

Based on the man pages [domain_realm] covers only DNS to REALM1 translation.
I have no idea how to correlate other REALMS to the same DNS domain name.
[domain_realm]
        .test.domain.com = TEST.DOMAIN.COM

I do not know if adding more lines like
.test.domain.com = WINDOWS.ROOT.REALM
.test.domain.com = CHILD1.WINDOWS.ROOT.REALM
.test.domain.com = CHILD2.WINDOWS.ROOT.REALM
etc.
is supported or not.

Best regards,

Rinat Yangurazov

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos



--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
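
Added example, not part of the original thread and not MIT krb5 code: a simplified Python model of a [domain_realm] lookup that flags a domain tag repeated with different realms and shows how a per-host entry or an extra subdomain separates the realms. The hostnames are constructed; the lookup order (exact host, then parent domains with a leading period), first-value-wins for a repeated tag, and the upper-cased-domain fallback are assumptions of this sketch.

```python
# Added example: simplified model of [domain_realm] lookup, not MIT krb5 code.
# Hostnames below are constructed; realm names are the ones from the question.
SAMPLE = """\
[domain_realm]
    .test.domain.com = TEST.DOMAIN.COM
    .test.domain.com = WINDOWS.ROOT.REALM
    winsrv1.test.domain.com = WINDOWS.ROOT.REALM
    .linux.test.domain.com = LINUX.TEST.DOMAIN.COM
"""

def parse_domain_realm(text):
    """Return {tag: [realms...]} for the [domain_realm] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
            continue
        if in_section and "=" in line:
            tag, realm = (part.strip() for part in line.split("=", 1))
            entries.setdefault(tag.lower(), []).append(realm)
    return entries

def conflicts(entries):
    """Tags mapped to more than one distinct realm (ambiguous for a lookup)."""
    return {t: r for t, r in entries.items() if len(set(r)) > 1}

def host_realm(entries, host):
    """Exact host entry, then '.domain' entries from most to least specific.
    Assumption: a repeated tag resolves to its first value."""
    host = host.lower().rstrip(".")
    if host in entries:
        return entries[host][0]
    labels = host.split(".")
    for i in range(1, len(labels)):
        tag = "." + ".".join(labels[i:])
        if tag in entries:
            return entries[tag][0]
    # Assumed fallback: domain portion of the hostname, upper-cased.
    return ".".join(labels[1:]).upper() if len(labels) > 1 else None
```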