Cross Realm AD<->MIT Trust, with realm name clash?

Colin Simpson csimpson at csl.co.uk
Thu Feb 2 14:17:14 EST 2006


The subject largely says it all, I have a Unix MIT Realm and a 
Windows AD Realm. Both have the same realm name, which for most things
isn't at all a problem (the passwords are sync'd anyway).

It might be nice for certain PC apps, eXceed mainly, if the two had a
trust relationship. Now I know this isn't really possible immediately as
the realm names clash. However, is there such a thing as a realm
connector (or is such a thing possible) that would achieve this, i.e. a
machine that would sit as a pseudo-KDC in the middle and make Windows
appear to be talking to a pretend third realm (with a different name)
that is really the Unix realm with a new name faked in its produced
tickets (and likewise with the Unix KDC)? This connector could mangle
the tickets' realm names on the way through.

I'm not sure this is possible as I'm not sure who in a cross realm TGT
gets checked with.

Any thoughts?

Colin



