[37315] in Kerberos
Cross-realm with AD trusting Kerberos
daemon@ATHENA.MIT.EDU (Leonard J. Peirce)
Wed Nov 11 17:37:10 2015
MIME-version: 1.0
Message-id: <5643C301.2010600@wmich.edu>
Date: Wed, 11 Nov 2015 17:36:49 -0500
From: "Leonard J. Peirce" <leonard.peirce+kerberos@wmich.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
In an attempt to stop syncing passwords between Kerberos and AD and get to
a single password store we are currently testing cross-realm with Active
Directory trusting Kerberos. We have the trust configured and our Windows
admin here says that he can successfully authenticate against our KDC
from an AD-enabled Windows host but is required to specify the @realm
in order to authenticate since our AD domain is different from our
Kerberos realm.
Our Windows admin feels this is unworkable. I'm not really a Windows/AD
expert but looking at the Windows ksetup command the /addhosttorealmmap
and /addrealmflags options look promising.
Has anyone had success with cross-realm and AD trusting Kerberos this
way?
Thanks...
--
Leonard J. Peirce
Western Michigan University
Office of Information Technology
Kalamazoo, MI 49008
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
