[33188] in Kerberos
Re: Kerberos cross-realm with AD
daemon@ATHENA.MIT.EDU (Jean-Yves Avenard)
Mon Feb 7 21:32:35 2011
MIME-Version: 1.0
In-Reply-To: <20110207181237.GB5705@talktalkplc.com>
Date: Tue, 8 Feb 2011 13:32:21 +1100
Message-ID: <AANLkTimDN5eY+ijURCkOrmmmJwqPT37KJWhS2=fzj=fE@mail.gmail.com>
From: Jean-Yves Avenard <jyavenard@gmail.com>
To: Brian Candler <B.Candler@pobox.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi
On 8 February 2011 05:12, Brian Candler <B.Candler@pobox.com> wrote:
> The *authentication* should just work. Someone in MEL.DOMAIN.COM will be
> able to get a ticket for host/freebsd.server@M.DOMAIN.COM, which that server
> will be able to decrypt using its M.DOMAIN.COM keytab.
So in reference to authentication only.
The krb5.conf on the FreeBSD machine doesn't need to be told about
MEL.DOMAIN.COM whatsoever? and the existing configuration for the
M.DOMAIN.COM realm is all that is required and can be left untouched ?
JY
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
