[7687] in Kerberos
Re: Cross-realm authentication
daemon@ATHENA.MIT.EDU (Paul A Vixie)
Sun Jul 28 05:22:39 1996
To: kerberos@MIT.EDU
Date: 28 Jul 1996 06:28:57 GMT
From: vixie@vix.com (Paul A Vixie)
> Help Please!
With the help of several Kerberos wizards, I finally learned about K4
cross-realm authentication recently. It's so simple it's embarrassing
that someone had to explain it to me.
In the NET.CSUCHICO.EDU realm, add this principal:
principal: rcmd
instance: ECST.CSUCHICO.EDU
password: SharedSecret
In the ECST.CSUCHICO.EDU realm, add this principal:
principal: rcmd
instance: NET.CSUCHICO.EDU
password: SharedSecret
You don't have to use "SharedSecret" -- anything will do as long as it's
the same password both times. I moused in some line noise which I will
never remember, since I don't care to remember it.
That's _IT_. On a system whose srvtab and krb.conf files make it part of
either of the above realms, you can put things into ~/.klogin containing
ticket names in either of the above realms. krb.cont and krb.realms have
to list servers and domain bindings for both realms, too.
It doesn't work for ~root/.klogin (used by "su" on BSD/OS) but that's as
it should be, in my humble opinion.
--
Paul Vixie
La Honda, CA "Illegitimibus non carborundum."
<paul@vix.com>
pacbell!vixie!paul
