[4103] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Cross-realm authentication

daemon@ATHENA.MIT.EDU (warlord@MIT.EDU)
Thu Oct 27 18:41:25 1994

From: warlord@MIT.EDU
Date: Thu, 27 Oct 94 18:33:04 EDT
To: gfischer@gfischer.asd.tse.ca (Grant Fischer)
Cc: kerberos@MIT.EDU
In-Reply-To: [4101]

> Anybody know how to do cross-realm authentication in Kerberos V4?
> (specifically, CNS)

In your example, you have realms A and B.  Assuming both sites are
running MIT Kerberos (CNS counts), then you can just choose a 
password.  If one site is running Transarc kerberos, then you will
have to play this differently.

In each realm, create an entry in the kerberos server for the other
realm.  In realm A, create the principal:
	krbtgt.B

In realm B, create the principal:
	krbtgt.A

When you create these two principals, you should make sure that they
a) have the same kvno, and
b) have the same DES key (e.g., the same password for MIT Kerberos)

After this, set up your krb.conf and krb.realms appropriately.

-derek


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[4103] in Kerberos

Re: Cross-realm authentication

daemon@ATHENA.MIT.EDU (warlord@MIT.EDU)Thu Oct 27 18:41:25 1994

daemon@ATHENA.MIT.EDU (warlord@MIT.EDU)
Thu Oct 27 18:41:25 1994