Kevin Coffman wrote:
We started with a patch that assumed all referrals would go to one place.
We had a need to send referrals to either a test Windows forest or a
production forest. That is where the [domain_referral] stuff came
from. Then we found that some requests were coming in without
fully-qualified names, and therefore we could not determine the
"right" place for the referral. For those requests, we send the
referral to the default place, which in our case is to the production
forest.
Kevin,
Do you think it would be possible to introduce an MIT KDC into an
existing AD environment, such that W2K clients in the AD realm (if
making a request for an unknown principal) can get referred to the MIT
KDC's "default" place?
Many thanks, josh.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
