hello all,
i am Sunil C. i have a domain named xx.com which has a KDC. i also have a domain co.yy where my server is. there is no KDC in it. users are in xx.com domain. but my servers are in (co.yy) domain. i had set up a test scenario with a user and a server in domain (xx.com) since KDc was setup i got ticket and was able to authenticate well using kerberos. my issue is that all my production servers are in domain (co.yy) which doesnt have a KDC. i want to authenticate and use the server services in that domain. setting up KDC is not feasible in both domains for me. now i have done some configuration in krb5.conf file on my server (test.co.yy) [domain_realm] xx.com = XX.COM .xx.com = XX.COM co.yy = XX.COM .co.yy = XX.COM this shows that my domain co.yy which doesnnot have a KDC , i have mapped it to the realm XX.COM . now i have some issues. 1) how can i get a keytab from the KDC of XX.COM ( my server in co.yy) is this command correct ? > ktpass -princ HTTP/[EMAIL PROTECTED] 2) can i get a keytab with that command 3) i have heard of CNAME. can i create a CNAME for my server like denver.xx.com CNAME test.co.yy ? if thats possible i can request a keytab like this > ktpass -princ HTTP/[EMAIL PROTECTED] then will it relate to the real host name> test.co.yy please help me with my questions . -- View this message in context: http://www.nabble.com/Issue-with-KDC-tp14370277p14714285.html Sent from the Kerberos - General mailing list archive at Nabble.com. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
