[33179] in Kerberos


Kerberos cross-realm with AD

daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Sun Feb 6 19:36:59 2011

Date: Mon, 7 Feb 2011 11:36:50 +1100
Message-ID: <AANLkTikxxiJsm9PgrGhX0eAJVXaqcW4rhykyBENPNTVR@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: kerberos@mit.edu

Hi there.

I have a Mac OS server running MIT krb5 v1.7; it's been working great
for a while now. The realm used is M.DOMAIN.COM.

I am in the process of setting up a Windows 2008 server with Active
Directory. The name of the new domain will be MEL.DOMAIN.COM.

I'm trying to understand how I can configure the MIT kerberos server
to accept realm coming from AD.

I have read the MIT documentation and created on both KDCs:
krbtgt/M.DOMAIN.COM@MEL.DOMAIN.COM
krbtgt/MEL.DOMAIN.COM@M.DOMAIN.COM

I then edited the kerberos krb5.conf with the appropriate capaths and
configured AD to accept M.DOMAIN.COM issued tickets.

What I'm unclear about, however, is whether I need to configure all Kerberos
clients in a similar fashion or whether this is done only on the 2 KDCs?

In particular, I have a FreeBSD server running MIT krb5 1.9 with
mod_auth_kerb. It is set to accept the M.DOMAIN.COM realm. Do I need to
explicitly configure it to accept the MEL.DOMAIN.COM realm, or because
the two KDCs are configured to accept each other will it then be
automatic?

Thank you
Jean-Yves
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
