Cross-Realm authentication

Mel Riser mriser at webcrayon.com
Fri Jul 2 17:32:45 EDT 2004


I agree Ken
 
I have a cross realm setup at my lab at my house and at my previous employer we had it working as well.
 
It's pretty straight forward, but you do have to know your OS and how to configure AD and Kerberos correctly as well as the Unix side.
 
However the How To Guides by Microsft are VERY GOOD,  they spell out every configuration, how and why.
 
mel

	-----Original Message----- 
	From: Ken Hornstein [mailto:kenh at cmf.nrl.navy.mil] 
	Sent: Fri 7/2/2004 9:47 AM 
	To: Rouiller Claude 
	Cc: Edu Kerberos at Mit. (kerberos at mit.edu) 
	Subject: Re: Cross-Realm authentication 
	
	

	>Expert: "You can't put your SSO in production, because Kerberos cross realm
	>authentication doesn't work!"
	>Me: "Is it an issues in Microsoft Kerberos?"
	>Expert: "No. The Kerberos protocol has been so poorly designed, that
	>cross-realm authentication just doesn't work at all. Maybe Microsoft has
	>implemented something proprietary to make it work, but it would not be
	>standard!".
	
	What a load of crap.
	
	I personally work with a group of people (about 5000 users) which involve
	20 sites, approximately 7-8 Kerberos realms, which make very heavy use
	of cross-realm authentication in production, and it works just fine.
	
	I also know of plenty of other sites that use cross-realm authentication
	all of the time.
	
	--Ken
	________________________________________________
	Kerberos mailing list           Kerberos at mit.edu
	https://mailman.mit.edu/mailman/listinfo/kerberos
	



More information about the Kerberos mailing list