EAP-Kerberos

Jeffrey Altman jaltman2 at nyc.rr.com
Tue Jul 19 13:55:04 EDT 2005


Saber Zrelli wrote:
> I was referring to a KDC instead of an IAKERB proxy. My thoughts are
> that these proxying functionalities should be moved to the KDC of
> the visited realm. But this would be another topic that I wish to
> start soon.

Why would you want to have the KDC from one realm act as a proxy to
other realms?

You already have a proxy that will be communicating with the KDC
from the local realm.   Why wouldn't that proxy act like a normal
Kerberos client and communicate with each of the realms necessary
to obtain service tickets for the source client?

Jeffrey Altman


More information about the Kerberos mailing list