krb5.conf and cross-realm authentication
O'Malley
mike.l.omalley at intel.com
Thu Jan 15 11:05:40 EST 2004
At our site we have principals (user accounts) in a Windows 2000 AD domain,
lets call this realm WIN.AD. I have configured Kerberos on my workstation
and can get my krbtgt from the AD using my account--so far so good.
I have created a second realm for my servers, lets call this realm
NOT.WIN.AD, where I have created "host", "telnet", and account principals.
I can kinit and ktelnet between systems in the realm using the NOT.WIN.AD
account principal (user1 at NOT.WIN.AD).
I would like to use the WIN.AD accounts to access the NOT.WIN.AD resources.
Can I use mappings in the krb5.conf [capaths] section to accomplish this?
I have already tried the following without success:
[capaths]
NOT.WIN.AD = {
WIN.AD = .
}
WIN.AD = {
WIN.AD = .
}
thanks,
...Mike
More information about the Kerberos
mailing list