have you looked at using aliases?
in hemdal you can create aliases for principals as other principals
even in other realms.
it works well with a few exceptions.
1) you can only use kpasswd on the original principal or you get an error
2) kadmin has some order of operations issues with it if you use
In modern implementations no in fact you shouldn't instead you should use the
DNS for all of these settings and at most use the default realm and possibly
the domain to realm matching section.
In most implementations of Kerberos the ability to set this local is deprecated
or not avaliable at all
ail overs when its in the config files but
fail over seamlessly when they use the DNS for discovery.
On Mon, May 14, 2018 at 11:17 AM, Greg Hudson wrote:
> On 05/14/2018 07:30 AM, Paul Robert Marino wrote:
> > In modern implementations no in fact you shouldn't instead you should
> us