You can either add service principles for the other domains to the keytab, or establish cross realm trusts between the realms. The latter is probably better if you expect to have lots of places where you need interoperate.
Cheers, Edward On Thu, 2009-08-13 at 17:50 -0400, Farzad Kohantorabi wrote: > Hello, > > > I have a web application that negotiates a principal with the user's browsers > and then uses Kerberos for authentication. This works fine when there is only > one domain. Now I am wondering if this holds water if the user is coming from > a different domain than the web server's domain (the web server is not > supposed > to be a public server so users come in from internal networks). The thing that > confuses me is that my server has a keytab for communication with its own KDC, > and I am not sure if it is possible to authenticate a user from a different > domain with the web server's KDC? > > > > > Cheers, > Farzad- > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
