<P>Hi all,
<P>First of all, thanks for your response. However, I'm still not understanding what the non-trivial design issues are with supporting proxy KDC and why one would not want to use this feature were it implemented? I would think that this feature would be popular, but I don't know Kerberos well enough to understand the problems with it.
<P>Thanks for your time and help.
<P>Monica
<P>
<P> <B><I>Sam Hartman <hartmans@mit.edu></I></B> wrote:
<BLOCKQUOTE style="BORDER-LEFT: #1010ff 2px solid; MARGIN-LEFT: 5px; PADDING-LEFT: 5px">>>>>> "Monica" == Monica Lau <MLLAU2002@YAHOO.COM>writes:<BR><BR>Monica> Hi all,<BR><BR>Monica> I was wondering if the MIT Kerberos server supports<BR>Monica> proxy KDC. For example, I have two KDCs in my network,<BR>Monica> KDC A and KDC B. If a user tries to authenticate to KDC<BR>Monica> A, and KDC A can't find that user's entry in its database,<BR>Monica> KDC A will automatically contact KDC B and send the<BR>Monica> authentication reply back to the user.<BR><BR>This feature is not supported.<BR>I think there are non-trivial design issues associated with doing this.<BR>I suspect we would not be interested in the feature were it implemented.<BR>_______________________________________________<BR>krbdev mailing list krbdev@mit.edu<BR>http://mailman.mit.edu/mailman/listinfo/krbdev</BLOCKQUOTE><p><br><hr size=1>Do you Yahoo!?<br>
<a href="http://webhosting.yahoo.com/ ">Y! Web Hosting</a> - Let the expert host your web site