Cross-realm authentication?

Derek Harkness dharknes at umd.umich.edu
Wed May 19 16:00:25 EDT 2004


I've read a bit about cross-realm authentication and even kind of have 
it working but not quite the way I want.  So my question is.  Is what I 
want possible.

I currently have two realms ITS and UMD I want all my users to be in 
UMD and all my servers and services in ITS.  In the setup I currently 
have if I log into UMD and then use a kerberized telnet to server1 in 
ITS I get the proper tickets but get authorization denied unless I have 
a .k5login in my home directory.  This isn't what I want.

I want user at UMD to be able to access anything in the ITS realm.  But 
user at ITS should not be able access anything UMD.  The reason for this 
is UMD is currently outside my control and I simply want to use it for 
authentication.  I want a one way trust basically.

Thanks,
Derek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20040519/745d916b/attachment.bin


More information about the Kerberos mailing list