[32858] in Kerberos
Re: service that communicates with different KDCs
daemon@ATHENA.MIT.EDU (Thomas LaPorte)
Thu Nov 4 14:18:19 2010
From: Thomas LaPorte <Thomas.LaPorte@dreamworks.com>
In-Reply-To: <62420e4e-37f4-4a4f-af76-9cffc67fbf98@26g2000yqv.googlegroups.com>
Mime-Version: 1.0 (iPhone Mail 8B117)
Date: Thu, 4 Nov 2010 10:37:14 -0700
Message-ID: <4310854747093660580@unknownmsgid>
To: Ben <benkwint@gmail.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I would think that as long as each KDC owner publishes it's SRV
records via DNS, your service would be able to communicate with the
appropriate KDC.
- Tom
Thomas A. La Porte
DreamWorks Animation
thomas.laporte@dreamworks.com
On Nov 4, 2010, at 10:20 AM, Ben <benkwint@gmail.com> wrote:
> Hi there,
>
> I was hoping to get some advice here about setting up a service that
> works with kerberos. The problem is that it's a webservice that
> possibly needs to communicate with different KDCs.
> We have a webserver that runs multiple instances of a certain
> webapplication. More then one client would like to communicate with
> this application using Kerberos, now its my first time working with
> kerberos so i'm quite new. Is it possible to allow this application to
> authenticate users from different KDC's.
>
> My main concern is that you need time synchronisation, which is quite
> difficult if multiple clients want to use their own KDC server.
>
> Thanks in advance
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
