Single DNS domain for Multiple Kerberos V5 Realms?

yangurazov, rinat yangurazov_rinat at emc.com
Fri Sep 16 00:51:21 EDT 2005


Hello,

Could anyone help me understand how the [domain_realm] section should look
for multiple Kerberos realms configured in a single DNS domain?

For example:
DNS domain name = test.domain.com
REALM1 = test.domain.com
REALM2 = windows.root.realm
REALM3 = child1.windows.root.realm
REALM4 = child2.windows.root.realm
REALM5 = linux.test.domain.com
REALM6 = solaris.test.domain.com

The idea is to have all realms in the krb5.conf file on the server so that,
depending on which REALM a request came from, it will talk to the right KDC
(all KDCs are in the same DNS zone).

Based on the man pages, [domain_realm] covers only the DNS to REALM1 translation.
I have no idea how to correlate the other REALMS to the same DNS domain name.

[domain_realm]
        .test.domain.com = TEST.DOMAIN.COM

I do not know if adding more lines like
.test.domain.com = WINDOWS.ROOT.REALM
.test.domain.com = CHILD1.WINDOWS.ROOT.REALM
.test.domain.com = CHILD2.WINDOWS.ROOT.REALM
etc.
is supported or not.

Best regards,

Rinat Yangurazov
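
Added example (not part of the original post, and not MIT krb5 code): a simplified model of a [domain_realm] lookup, run over the repeated-key form from the post and over a per-host form. It assumes each key yields one realm (the first value is used) and that an exact host entry is preferred over a parent-domain entry; the host names dc1 and lnx1 are constructed.

```python
# Simplified model of [domain_realm] host-to-realm lookup (assumption, not krb5 source).

REPEATED = """
[domain_realm]
    .test.domain.com = TEST.DOMAIN.COM
    .test.domain.com = WINDOWS.ROOT.REALM
    .test.domain.com = CHILD1.WINDOWS.ROOT.REALM
"""

# Constructed host names; realm names are the ones listed in the post.
PER_HOST = """
[domain_realm]
    dc1.test.domain.com = WINDOWS.ROOT.REALM
    lnx1.test.domain.com = LINUX.TEST.DOMAIN.COM
    .test.domain.com = TEST.DOMAIN.COM
"""

def parse_domain_realm(text):
    """Return ({key: realm}, ignored) where ignored lists repeated keys."""
    mapping, ignored, in_section = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            in_section = (line == "[domain_realm]")
            continue
        if not in_section or "=" not in line:
            continue
        key, realm = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in mapping:
            ignored.append((key, realm))  # a repeated key cannot select a second realm
        else:
            mapping[key] = realm
    return mapping, ignored

def host_realm(mapping, hostname):
    """Exact host entry first, then each parent domain written with a leading dot."""
    host = hostname.lower().rstrip(".")
    if host in mapping:
        return mapping[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix]
    return None  # no entry applies in this model
```

In this model the repeated-key form resolves every host under .test.domain.com to the first realm only, while the per-host form sends dc1 and lnx1 to their own realms and everything else in the zone to TEST.DOMAIN.COM.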


