[33360] in Kerberos
cross realm trust
daemon@ATHENA.MIT.EDU (aydin)
Mon May 2 14:25:16 2011
Message-ID: <4DBEB3D7.7070005@prosoft.com.tr>
Date: Mon, 02 May 2011 16:38:31 +0300
From: aydin <aydin@prosoft.com.tr>
MIME-Version: 1.0
To: "kerberos@mit.edu" <kerberos@mit.edu>
Reply-To: aydin@prosoft.com.tr
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi all,
I am trying to setup a cross realm authentication between microsoft and mit kerberos
running on rhel.
Mit kerberos realm is going to trust to ms realm.
Both kdc'a are running fine in their own realms.
We have set up principals on both kdc's.
krbtgt/mit.realm@ms.realm
A windows client tries to open an ssh connection to a linux system.
Windows client asks krbtgt/mit.realm@ms.realm ticket to its own kdc and
gets the ticket.
This is the point that i get confused and need your help.
Ms client than requests host/sshserver.mit.realm.
As far as I know first both kdc's has to share krbtgt ticket to establish a trust
relation first.
Does anyone knows how this should work.
Regards,
Aydin
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
