[36481] in Kerberos
Re: How to use NFS with multiple principals in different realms?
daemon@ATHENA.MIT.EDU (Simo Sorce)
Wed Sep 17 11:05:48 2014
Date: Wed, 17 Sep 2014 11:05:28 -0400
From: Simo Sorce <simo@redhat.com>
To: Cedric Blancher <cedric.blancher@gmail.com>
Message-ID: <20140917110528.130aeb7b@willson.usersys.redhat.com>
In-Reply-To: <CALXu0UdQ9a4NTjhuXtRuCf6vmpC4B8CunMaH=NaQnUYLY=YAHw@mail.gmail.com>
MIME-Version: 1.0
Cc: Jurjen Bokma <j.bokma@rug.nl>,
NFS Mailing List <linux-nfs@vger.kernel.org>,
Steve Dickson <steved@redhat.com>, kerberos <kerberos@mit.edu>,
linux@pch.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, 17 Sep 2014 13:20:19 +0200
Cedric Blancher <cedric.blancher@gmail.com> wrote:
> What happens if there is no relation between KRB Realm names and
> FQDN/DNS? Can the NFS client find out which KRB Realm is used by the
> server?
Depending on the environment you may have 1 or 2 ways.
1. add domain to realm mapping in the appropriate section in krb5.conf
on the client.
2. allow the KDC to send back a referral (but not all clients will ask
their own KDC, some can do only 1).
Simo.
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
