[31831] in Kerberos
Kerberos multi domain
daemon@ATHENA.MIT.EDU (BOUCHER, Flavien)
Fri Jan 1 07:19:53 2010
From: "BOUCHER, Flavien" <flavien.a.boucher@sogeti.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 1 Jan 2010 13:19:21 +0100
Message-ID: <DD8E410DCC51E04D8BBC1D73193263EF0BD21F09@CORPMAIL06.corp.capgemini.com>
Content-Language: fr-FR
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I need to setup kerberos for six distinct domain, there is no trust relationship between each domain.
When I setup one domain by one, it's working.
After testing each domain one by one, I merge the keytab file, and change the krb5.conf file:
[libdefaults]
default_realm = MSDEMO
default_keytab_name = FILE:C:\Kerberos\lcserver01.keytab
default_tkt_enctypes = rc4-hmac des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-md5
forwardable = true
renewable = true
noaddresses = true
clockskew = 300
[realms]
MSDEMO = {
kdc = dc.msdemo.local:88
default_domain = dc.msdemo.local
}
MSDEMO2 = {
kdc = dc2.msdemo2.local:88
default_domain = msdemo2.local
}
[domain_realm]
.msdemo.local = MSDEMO
.msdemo2.local = MSDEMO2
When I merge the keytab of this two domains and change the krb5.conf, just the authentication for MSDEMO is working.
When I change the krb5.conf, and enter default_realm = MSDEMO2, the authentication is working for MSDEMO2.
It's possible to make the authentication works for the both domain in the same time ?
Regards.
Flavien.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
