[7009] in Kerberos
Re: Two realms served by a single daemon
daemon@ATHENA.MIT.EDU (Alexandre Khalil)
Thu Apr 4 08:03:29 1996
To: kerberos@MIT.EDU
Date: 3 Apr 1996 20:57:36 GMT
From: iskandar@eesun1.tamu.edu (Alexandre Khalil)
In article <4juj39$4ji@darkstar.UCSC.EDU>,
James H. Haynes <haynes@cats.ucsc.edu> wrote:
>
>In article <4jt7s0$6sl@news.tamu.edu>,
>Alexandre Khalil <iskandar@eesun1.tamu.edu> wrote:
>> We would like to set up a server that would serve two realms.
>You might elaborate on the reasons for wanting to do this. Seems to me the
>reason for having two realms is that neither trusts the Kerberos administrator
>of the other. When they are on the same server it seems like the people
>who run the server have to be trusted by both communities of users.
We use Kerberos to authenticate users of a PPP modem pool on Xyplex
hardware.
We would like to fragment the pool and give access to one piece
to some and access to all pieced to the others.
Ideally we would have used something like NIS/NIS+ which lends itself
to such constructions easily, Xyplex requires Kerberos for authentication.
alex
