Hi all,

Recently we implemented cross-realm authentication support: a KDC in one
realm can authenticate users in a different realm, which allows a client from
another realm to access the cluster. Cross-realm authentication is accomplished
by sharing a secret key between the two realms. Both backends should have
the krbtgt service principals for the realms, with the same passwords, key
version numbers, and encryption types. We have used this feature in a Hadoop
cluster: after establishing cross-realm trust between two secure Hadoop clusters
with their own realms, copying data between the two secure clusters now works.
This support can also be used to build a trust relationship with an MIT Kerberos
KDC, and we have tested compatibility.

Here is the document about setting up cross realm:
https://github.com/apache/directory-kerby/blob/trunk/docs/cross-realm.md

Thanks,
Jiajia

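The requirement in the message above (the same krbtgt principals, key version numbers, encryption types and passwords in both backends) can be checked before a trust is put into use. The following is an added example, not part of the original message and not Kerby code; the export format, realm names and key bytes are assumptions constructed for illustration.

```python
# Added example: compare the cross-realm krbtgt entries held by two KDC backends.
# The export format (principal -> {(kvno, enctype): key_hex}) is hypothetical.

def trust_principals(realm_a, realm_b, two_way=True):
    """krbtgt principals that a trust between the two realms relies on."""
    names = [f"krbtgt/{realm_b}@{realm_a}"]          # clients in A reach services in B
    if two_way:
        names.append(f"krbtgt/{realm_a}@{realm_b}")  # and the reverse direction
    return names

def check_trust(realm_a, realm_b, kdc_a, kdc_b, two_way=True):
    """Return a list of mismatches; an empty list means the backends agree."""
    problems = []
    for name in trust_principals(realm_a, realm_b, two_way):
        a, b = kdc_a.get(name), kdc_b.get(name)
        for realm, keys in ((realm_a, a), (realm_b, b)):
            if keys is None:
                problems.append(f"{name}: missing in {realm} backend")
        if a is None or b is None:
            continue
        kvno_a, kvno_b = {k for k, _ in a}, {k for k, _ in b}
        if kvno_a != kvno_b:
            problems.append(f"{name}: kvno {sorted(kvno_a)} vs {sorted(kvno_b)}")
        etype_a, etype_b = {e for _, e in a}, {e for _, e in b}
        if etype_a != etype_b:
            problems.append(f"{name}: enctypes {sorted(etype_a)} vs {sorted(etype_b)}")
        # Same password, salt and enctype give the same key, so a differing key
        # for a shared (kvno, enctype) slot points at a password mismatch.
        for kvno, etype in sorted(a.keys() & b.keys()):
            if a[(kvno, etype)] != b[(kvno, etype)]:
                problems.append(f"{name}: key differs for kvno {kvno} {etype}")
    return problems

# Constructed sample data (realm names and key bytes are placeholders).
A, B = "A.EXAMPLE.COM", "B.EXAMPLE.COM"
AES = "aes256-cts-hmac-sha1-96"
KDC_A = {f"krbtgt/{B}@{A}": {(1, AES): "00" * 32},
         f"krbtgt/{A}@{B}": {(1, AES): "11" * 32}}
KDC_B = {f"krbtgt/{B}@{A}": {(2, AES): "00" * 32},   # kvno drifted
         f"krbtgt/{A}@{B}": {(1, AES): "22" * 32}}   # different password

if __name__ == "__main__":
    for line in check_trust(A, B, KDC_A, KDC_B):
        print(line)
```

The report names the principal, kvno and enctype that disagree but never prints key material, so it can be shared between the administrators of the two realms.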