Dear all
I managed to do cross realm authentication between AD realm A and MIT
realm B.
However, this only works if hosts in realm B have "default_realm = A"
in their krb5.conf. I have some problems with this since there are
quite a lot of other principals in realm B...
Perhaps there is a setting in krb5.conf that can solve this issue?
Snippet:
[libdefaults]
default_realm = A
default_keytab_name = FILE:/etc/krb5/host.keytab
default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts des-cbc-md5 des-cbc-crc
forwardable = true
dns_lookup_realm = no
dns_lookup_kdc = no
[realms]
B = {
kdc = kdc.b.com
}
A = {
kdc = kdc.a.com
}
[domains]
.b.com = B
b.com = B
.a.com = A
a.com = A
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos