Cross-Realm authentication
Mel Riser
mriser at webcrayon.com
Fri Jul 2 17:32:45 EDT 2004
I agree Ken
I have a cross realm setup at my lab at my house and at my previous employer we had it working as well.
It's pretty straight forward, but you do have to know your OS and how to configure AD and Kerberos correctly as well as the Unix side.
However the How To Guides by Microsft are VERY GOOD, they spell out every configuration, how and why.
mel
-----Original Message-----
From: Ken Hornstein [mailto:kenh at cmf.nrl.navy.mil]
Sent: Fri 7/2/2004 9:47 AM
To: Rouiller Claude
Cc: Edu Kerberos at Mit. (kerberos at mit.edu)
Subject: Re: Cross-Realm authentication
>Expert: "You can't put your SSO in production, because Kerberos cross realm
>authentication doesn't work!"
>Me: "Is it an issues in Microsoft Kerberos?"
>Expert: "No. The Kerberos protocol has been so poorly designed, that
>cross-realm authentication just doesn't work at all. Maybe Microsoft has
>implemented something proprietary to make it work, but it would not be
>standard!".
What a load of crap.
I personally work with a group of people (about 5000 users) which involve
20 sites, approximately 7-8 Kerberos realms, which make very heavy use
of cross-realm authentication in production, and it works just fine.
I also know of plenty of other sites that use cross-realm authentication
all of the time.
--Ken
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list