[5901] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Inter-realm authentication ( V4 )

daemon@ATHENA.MIT.EDU (Doug Engert)
Fri Sep 22 09:52:44 1995

Date: Fri, 22 Sep 95 08:41:06 CDT
From: "Doug Engert" <DEEngert@anl.gov>
To: <KERBEROS@MIT.EDU>

Bill Morris, In response to you note:

I believe you need two sets of principals, each with their own key.

Add krbtgt.FOO@BAR  and krbtgt.BAR@FOO to Both KDCs.

Since there are two keys, you can actually have the cross-realm
work in only one direction! but Don't ask me which way is which.

In effect the receiving KDC uses the entry in its database much
like a server would use the srvtab entry to find the key to use
to decode the entry.

Kerberos 5 works the same way, but DCE uses only one entry,
much like you had tried.

Hopes this helps.

           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439
           (708) 252-5444

           Internet: DEEngert@anl.gov


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[5901] in Kerberos

Inter-realm authentication ( V4 )

daemon@ATHENA.MIT.EDU (Doug Engert)Fri Sep 22 09:52:44 1995

daemon@ATHENA.MIT.EDU (Doug Engert)
Fri Sep 22 09:52:44 1995