[38612] in Kerberos

Question about (no-)cross-realm trust

daemon@ATHENA.MIT.EDU (Vipin Rathor)
Tue Sep 17 22:23:12 2019

MIME-Version: 1.0
From: Vipin Rathor <v.rathor@gmail.com>
Date: Tue, 17 Sep 2019 19:22:47 -0700
Message-ID: <CAN-7Vp=LEfHprH2DXiyGOOMzSWwn1bxNWkrXmVRK1hzQ1Yn2+g@mail.gmail.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hello Kerberos World!

I am trying to develop an application that can talk to a kerberized
service running in a remote realm. I am aware that this would ideally
require having trust (one-way or two-way) between my current realm and
the remote realm. Additionally, we want to avoid having trust as a
requirement (the folks maintaining the remote realm are quite 'possessive'
about their realm). Thinking more about this, I stumbled on this premise,
which I want to validate through you, the experts!

What if my application can get two TGTs, one from each realm, and instead
of getting a cross-realm TGS, it can use the respective TGTs to talk to
the respective realms?

Am I overlooking something here? Is this a sane thing to do in Kerberos
terms?

Regards,
VR
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos