Hi,
I need to setup Kerberos client for over 50 domains in 3 forests, where there is a two-way forest level trust. The Kerberos client has an account in one of the forests. SPNEGO works just fine when an end-user is in the same domain/forest as the Kerberos client, but fails if the end-user is in a different domain/forest. >From the documentation I know that while there is a forest level trust, this is doable. The problem is that I don't know how to configure Kerberos to enable this functionality. Does anyone have an experience how Kerberos client can/should be configured in an environment like this? Or is the only way to create over 50 accounts for the Kerberos client into those separate domains, merge keytabs and list all the domains & realms in the Kerberos configuration? Regards, Antti
smime.p7s
Description: S/MIME cryptographic signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
