Kerberos referrals
Josh Howlett
josh.howlett at bristol.ac.uk
Wed Nov 9 16:00:02 EST 2005
Kevin Coffman wrote:
> We started with a patch that assumed all referrals would go to one place.
>
> We had a need to send referrals to either a test Windows forest or a
> production forest. That is where the [domain_referral] stuff came
> from. Then we found that some requests were coming in without
> fully-qualified names, and therefore we could not determine the
> "right" place for the referral. For those requests, we send the
> referral to the default place, which in our case is to the production
> forest.
Kevin,
Do you think it would be possible to introduce an MIT KDC into an
existing AD environment, such that W2K clients in the AD realm (if
making a request for an unknown principal) can get referred to the MIT
KDC's "default" place?
Many thanks, josh.
More information about the Kerberos
mailing list