Single DNS domain for Multiple Kerberos V5 Realms ?
yangurazov, rinat
yangurazov_rinat at emc.com
Fri Sep 16 10:34:38 EDT 2005
"The [domain_realm] section provides a translation from a domain name or
hostname to a Kerberos realm name"
^^^^^^^^
from:
http://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.2/doc/krb5-admin/domain_realm.
html#domain_realm
You may have add the individual hostnames.
Or add more DNS subdomains and rename your hosts to distinguish between the
realms,
you imply it is a "test.domain"
[Rinat] Thank you.
1 case will make krb5.conf thouthands lines long.
2 case is not a good idea for existing DNS infrastructure (actually not only
DNS infrastructure will be impacted) + adds more TCO to it.
I was wondering if there is way to have this type of record in
[domain_realm] section?
.test.domain.com = WINDOWS.ROOT.REALM ; CHILD1.WINDOWS.ROOT.REALM ;
CHILD2.WINDOWS.ROOT.REALM
More information about the Kerberos
mailing list