Cross-Realm authentication
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Jul 2 10:47:56 EDT 2004
>Expert: "You can't put your SSO in production, because Kerberos cross realm
>authentication doesn't work!"
>Me: "Is it an issue in Microsoft Kerberos?"
>Expert: "No. The Kerberos protocol has been so poorly designed, that
>cross-realm authentication just doesn't work at all. Maybe Microsoft has
>implemented something proprietary to make it work, but it would not be
>standard!".
What a load of crap.
I personally work with a group of people (about 5000 users) which involves
20 sites, approximately 7-8 Kerberos realms, which make very heavy use
of cross-realm authentication in production, and it works just fine.
I also know of plenty of other sites that use cross-realm authentication
all of the time.
--Ken