Cross realm authentication

Sam Hartman hartmans at MIT.EDU
Mon Aug 18 20:19:03 EDT 2003

>>>>> "CJ" == CJ Keist <cjay at> writes:

    CJ> If I understand your message here, then Kerberos right now is
    CJ> not capable of handling this setup.  In that a master realm
    CJ> that holds just user principals, with sub realms holding host
    CJ> principals cannot authenticate a user logging into a client
    CJ> machine in one of the sub realms?

This can work fine.  But you need to statically configure things so
that the clients know what realm each principal lives in.

More information about the Kerberos mailing list