Single DNS domain for Multiple Kerberos V5 Realms?
Douglas E. Engert
deengert at anl.gov
Fri Sep 16 10:16:20 EDT 2005
"The [domain_realm] section provides a translation from a domain name or
hostname to a Kerberos realm name"
^^^^^^^^
from:
http://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.2/doc/krb5-admin/domain_realm.html#domain_realm
You may have to add the individual hostnames.
Or add more DNS subdomains and rename your hosts to distinguish between the realms,
you imply it is a "test.domain"
yangurazov, rinat wrote:
> Hello,
>
> Could anyone help me understand how the [domain_realm] section should look
> for multiple Kerberos Realms configured in a single DNS domain?
>
> For example:
> DNS domain name = test.domain.com
> REALM1 = test.domain.com
> REALM2 = windows.root.realm
> REALM3 = child1.windows.root.realm
> REALM4 = child2.windows.root.realm
> REALM5 = linux.test.domain.com
> REALM6 = solaris.test.domain.com
>
> The idea is to have all realms in the krb5.conf file on the server so, depending on
> which REALM the request came from, it will talk to the right KDC (all KDCs are in
> the same DNS zone).
>
> Based on the man pages [domain_realm] covers only DNS to REALM1 translation.
> I have no idea how to correlate other REALMS to the same DNS domain name.
>
> [domain_realm]
> .test.domain.com = TEST.DOMAIN.COM
>
> I do not know if adding more lines like
> .test.domain.com = WINDOWS.ROOT.REALM
> .test.domain.com = CHILD1.WINDOWS.ROOT.REALM
> .test.domain.com = CHILD2.WINDOWS.ROOT.REALM
> etc.
> is supported or not.
>
> Best regards,
>
> Rinat Yangurazov
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
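
Added example, not part of the original post and not MIT Kerberos code: a Python model of the [domain_realm] lookup the reply relies on, where an exact host entry is tried before the dotted parent domains, so per-host lines can place hosts of one DNS domain in different realms. The host names are constructed, and keeping the first value of the duplicated `.test.domain.com` key is an assumption of this example.

```python
# Added example: resolve hosts through a [domain_realm] table.
# Host names are constructed; realm names come from the question above.
SAMPLE_CONF = """
[domain_realm]
    .test.domain.com = TEST.DOMAIN.COM
    dc1.test.domain.com = WINDOWS.ROOT.REALM
    dc2.test.domain.com = CHILD1.WINDOWS.ROOT.REALM
    lnx1.test.domain.com = LINUX.TEST.DOMAIN.COM
    .test.domain.com = WINDOWS.ROOT.REALM
"""

def parse_domain_realm(text):
    """Return (mapping, conflicts) for the [domain_realm] section."""
    mapping, conflicts, in_section = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
            continue
        if not in_section or "=" not in line:
            continue
        key, realm = (p.strip() for p in line.split("=", 1))
        key = key.lower()
        if key in mapping:
            # Assumption of this example: keep the first value, flag the rest.
            conflicts.append((key, realm))
        else:
            mapping[key] = realm
    return mapping, conflicts

def host_realm(hostname, mapping):
    """Exact host entry first, then each parent domain written with a leading dot."""
    cp = hostname.lower().rstrip(".")
    while cp:
        if cp in mapping:
            return mapping[cp]
        dot = cp.find(".", 1)  # next label boundary, skipping a leading dot
        cp = cp[dot:] if dot != -1 else ""
    return None

if __name__ == "__main__":
    table, dupes = parse_domain_realm(SAMPLE_CONF)
    for h in ("dc1.test.domain.com", "lnx1.test.domain.com", "web.test.domain.com"):
        print(h, "->", host_realm(h, table))
    print("duplicate keys flagged:", dupes)
```

A key can carry only one realm in this model, so the repeated `.test.domain.com` line is reported as a conflict rather than adding a second realm for the same domain.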