[33194] in Kerberos


Re: Kerberos cross-realm with AD

daemon@ATHENA.MIT.EDU (Brian Candler)
Tue Feb 8 05:08:39 2011

Date: Tue, 8 Feb 2011 10:08:31 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Jean-Yves Avenard <jyavenard@gmail.com>
Message-ID: <20110208100831.GD2845@talktalkplc.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <AANLkTimB7ZnKfOH-+O53fxoHz7pqQZ7=BrTmbuGVEiBO@mail.gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Tue, Feb 08, 2011 at 04:49:06PM +1100, Jean-Yves Avenard wrote:
> [realms]
>  M.DOMAIN.COM = {
>   kdc = m.domain.com
>   admin_server = m.domain.com
>   default_domain = m.domain.com
>  }
> 
>  MEL.DOMAIN.COM = {
>   kdc = ad.domain.com
>   admin_server = ad.domain.com
>   default_domain = ad.domain.com
>   auth_to_local = RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//
>  }
> 
> from what I could read in the documentation, but this still doesn't work.

As I understand it, you need the auth_to_local rule(s) under M.DOMAIN.COM
(the server's realm), not the client realm.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
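
Added example, not part of the original message and not MIT krb5 code: a small Python model of how the quoted auth_to_local rule is evaluated, taking the reply's statement that rules are read from the server's realm section. The principal "alice", the realm OTHERDOMAIN.COM, the TIGHT rule and the function names are constructed for illustration, and Python's re module stands in for the POSIX regex matching krb5 uses.

```python
import re

RULE = r"RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//"      # rule as posted
TIGHT = r"RULE:[1:$1@$0](.*@MEL\.DOMAIN\.COM$)s/@.*//"  # constructed: one realm only

# Constructed models of [realms]: realm -> its auth_to_local values.
AS_POSTED = {"M.DOMAIN.COM": [], "MEL.DOMAIN.COM": [RULE]}
AS_ADVISED = {"M.DOMAIN.COM": [RULE, "DEFAULT"], "MEL.DOMAIN.COM": []}
TIGHTENED = {"M.DOMAIN.COM": [TIGHT, "DEFAULT"], "MEL.DOMAIN.COM": []}

RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")


def apply_rule(rule, principal, local_realm):
    """Return the local name one auth_to_local value yields, or None."""
    name, realm = principal.rsplit("@", 1)
    comps = name.split("/")
    if rule == "DEFAULT":  # only single-component names in the local realm
        return name if realm == local_realm and len(comps) == 1 else None
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("unsupported rule: " + rule)
    n, fmt, regex, pat, repl, glob = m.groups()
    if int(n) != len(comps):  # [n:...] must equal the component count
        return None
    parts = [realm] + comps  # $0 is the realm, $1.. the components
    s = re.sub(r"\$(\d)", lambda x: parts[int(x.group(1))], fmt)
    if regex and not re.fullmatch(regex, s):  # filter on the built string
        return None
    if pat is not None:  # sed-style s/pattern/replacement/[g]
        s = re.sub(pat, repl, s, count=0 if glob else 1)
    return s


def local_user(realms, local_realm, principal):
    """Try the local realm's rules in order; first result wins."""
    for rule in realms.get(local_realm) or ["DEFAULT"]:
        user = apply_rule(rule, principal, local_realm)
        if user is not None:
            return user
    return None


if __name__ == "__main__":
    for label, conf in [("posted", AS_POSTED), ("advised", AS_ADVISED), ("tightened", TIGHTENED)]:
        for p in ["alice@MEL.DOMAIN.COM", "alice@M.DOMAIN.COM", "alice@OTHERDOMAIN.COM"]:
            print(label, p, "->", local_user(conf, "M.DOMAIN.COM", p))
```

The posted pattern `.*@.*DOMAIN\.COM$` accepts any realm name ending in DOMAIN.COM, so the TIGHT variant anchors it to MEL.DOMAIN.COM and leaves local-realm principals to DEFAULT.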
