multi domain

Jeffrey Altman jaltman2 at
Sat Aug 12 13:09:44 EDT 2006

If you only have one realm then you will only have principals in that
one realm.   What the domain_realm section is telling the client is
that each of your domains belongs to the same realm.  Principals belong
to the realm and not the domain.

   user at A.COMPANY.COM
   host/ at A.COMPANY.COM
   host/ at A.COMPANY.COM

Jeffrey Altman

Alex wrote:
> Hi all,
> I have some problems setting up krb5.conf for client authentication.
> I'm working on a multi domain scenario with several domains like
> A.COMPANY.COM, B.COMPANY.COM, ... and one kdc server (Active Directory)
> that belongs to the A.COMPANY.COM domain.
> So I set up a krb5.conf as follows:
> [libdefaults]
>         default_realm = A.COMPANY.COM
> [realms]
>         A.COMPANY.COM = {
>             kdc = kdcserver:88
>         }
> [domain_realm]
> Principals that belong to A.COMPANY.COM are authenticated (kinit
> works), others not.
> For those who are not authenticated, kinit returns a "Client not found in
> Kerberos database" error message, but the user exists in AD.
> Any suggestions or how I can get more information would be appreciated.
> Thanks, 
> Alex
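
Added example, not part of the original messages and not MIT Kerberos code: a simplified Python model of the [domain_realm] lookup the reply describes, showing hosts in several DNS domains resolving to the single realm. The two [domain_realm] relations and the web1 host names are constructed for illustration, and the lookup order (host name, then each parent domain with and without a leading dot) is an assumed simplification of the library's behaviour.

```python
# Simplified model of the [domain_realm] lookup a Kerberos client performs.
# The [domain_realm] relations and host names are constructed for illustration.
KRB5_CONF = """
[libdefaults]
        default_realm = A.COMPANY.COM
[realms]
        A.COMPANY.COM = {
            kdc = kdcserver:88
        }
[domain_realm]
        .a.company.com = A.COMPANY.COM
        .b.company.com = A.COMPANY.COM
"""

def parse_domain_realm(text):
    """Return the {name: realm} relations of the [domain_realm] section."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "domain_realm" and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mapping[name.lower()] = realm
    return mapping

def host_realm(host, mapping):
    """Try the host name, then each parent domain with and without a leading dot."""
    candidate = host.lower().rstrip(".")
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        if candidate.startswith("."):
            candidate = candidate[1:]
        else:
            dot = candidate.find(".")
            candidate = candidate[dot:] if dot != -1 else ""
    return None  # no relation applies; a real client falls back to other methods

def service_principal(service, host, mapping):
    """Build service/host@REALM; the realm comes from the mapping, not the DNS domain."""
    realm = host_realm(host, mapping)
    return f"{service}/{host.lower()}@{realm}" if realm else None

if __name__ == "__main__":
    relations = parse_domain_realm(KRB5_CONF)
    for h in ("web1.a.company.com", "web1.b.company.com", "web1.c.company.com"):
        print(h, "->", host_realm(h, relations))
```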
