Hi Pratyush, Kerby does not support the cross realm, this is one of the important missing features.
Thanks Jiajia -----Original Message----- From: pratyush parimal [mailto:[email protected]] Sent: Thursday, June 15, 2017 3:10 AM To: [email protected] Subject: [Kerby] How to setup 1-way trust for cross-realm authentication between two KDC's ? Hi everyone, I'm wondering if Kerby supports setting up 1-way trusts, similar to using the [capaths] directive in MIT kerberos. For example, in MIT kdc, if I wanted to setup cross-realm auth between a source realm R1.COM and destination realm R2.COM, I would have to add the following section to R1.COM's krb5.conf: [capaths] R2.COM = { R1.COM = . } , followed by adding the principal "krbtgt/[email protected]" with the same password to both the KDCs. Is it possible to achieve the same with Kerby? If so, I'd really appreciate it if someone could point me to a Java example for setting up capaths in Kerby. Cheers, Pratyush
