>If I do that how would the krb5.conf look like ? Can I do a kinit >[EMAIL PROTECTED] ? >How does Kerberos decide to go to win or xad to authenticate the user ?
For UPN logons, Windows clients always send the realm of the domain which the machine is joined to in the AS-REQ. The domain controller will then look up the UPN in the global catalog and, if necessary, return a Kerberos referral to the next realm in the trust path. -- Luke -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
