Windows AD and MIT KDC Cross-Realm Trust

Jeffrey Altman jaltman2 at nyc.rr.com
Mon Feb 16 11:59:39 EST 2004


Digant Kasundra wrote:
> I think that's one of the ways you can do it, but that setup isn't
> considered "pass-through authentication," which is what we are going for.  

That is the only way to do it.  There is no term called "pass-through"
authentication within Kerberos.  The authentication between the MIT and
Microsoft realms are based on cross-realm trusts.  This is exactly what
is described on the page:

http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp

which is the one referenced by the page you listed in your first post:

http://acd.ucar.edu/~fredrick/linux/kerberos/serversetup.html


More information about the Kerberos mailing list