EAP-Kerberos
Jeffrey Altman
jaltman2 at nyc.rr.com
Tue Jul 19 13:55:04 EDT 2005
Saber Zrelli wrote:
> I was referring to a KDC instead of an IAKERB proxy. My thoughts are
> that these proxying functionalities should be moved to the KDC of
> the visited realm. But this would be another topic that I wish to
> start soon.
Why would you want to have the KDC from one realm act as a proxy to
other realms?
You already have a proxy that will be communicating with the KDC
from the local realm. Why wouldn't that proxy act like a normal
Kerberos client and communicate with each of the realms necessary
to obtain service tickets for the source client?
Jeffrey Altman
More information about the Kerberos
mailing list