[7015] in Kerberos
Re: two realms - one server
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Thu Apr 4 14:30:24 1996
Date: Thu, 4 Apr 96 10:30:35 EST
From: Barry Jaspan <bjaspan@MIT.EDU>
To: jbarreto@eesun2.tamu.edu
Cc: kerberos@MIT.EDU
In-Reply-To: <199604032307.RAA22569@ee.tamu.edu> (jbarreto@EESUN2.tamu.edu)
we have been able to get 2 realms serviced by one server. now what
i need is one realm say GRAD getting authenticated on the other say
UGRAD without having a separate principal on the UGRAD realm.
I'm not sure what you mean by "without having a separate principal on
the UGRAD realm." If you mean that you want a user in the GRAD realm
to be authenticated (ie: to obtain a service for a principal) in the
UGRAD realm, than that is what inter-realm authentication is for. If
you mean that you want inter-realm authentication to work without
creating a krbtgt/GRAD@UGRAD principal in the UGRAD realm, that is
impossible.
it looks like the inter-realm concept could help but i haven't been
able to make it work with both realms on the same server. i tried making
principal entries for krbtgt in both realms (crossed over) but it
didn't work.
If it didn't work, then the KDC should be syslogging an error message
indicating why. What is the message?
Barry
