Cross-realm network traffic...
Jiva DeVoe
jiva at devoesquared.com
Thu Nov 17 10:54:52 EST 2005
In the case of cross-realm authentication (ie: user at REALM1.COM
authenticating to service/foo at REALM2.COM) does any traffic pass
between either the respective KDCs or does the user at REALM1.COM client
need to contact the KDC in REALM2?
The context of the question is: if I have one or the other of the two
realms behind a firewall, do I need to open any additional ports
besides the traffic port for my service in order to support kerberos
authentication?
(This is of course assuming the cross-realm principals are configured
appropriately in each realm.)
More information about the Kerberos
mailing list