Cross Realm AD<->MIT Trust, with realm name clash?
Colin Simpson
csimpson at csl.co.uk
Mon Feb 6 05:53:51 EST 2006
On Fri, 2006-02-03 at 08:17, Enrico.M.V.Fasanelliatl wrote:
>
> > If it is necessary for these realms to have cross realm relationships
> > with any other realms in common or with each other, then one of the
> > realms must change its name. There is no procedure for changing the
> > name of a realm hosted by a MIT KDC. However, there is such a procedure
> > for Windows 2003 Active Directory. It is extremely painful but it is
> > possible.
>
> Hi Jeff,
>
> any pointer to the documentation on how to do this?
>
> Ciao,
> Enrico
> >
I presume he's referring to the domain renaming tool in W2003 server
which presumably will also rename the Kerberos Realm as it goes.
http://support.microsoft.com/kb/819145/en-us
Unfortunately in my case it won't help as the AD domain concerned is
part of a larger forest that I can't change.
I must say it's quite a suprise that Windows can allow you this
flexibility but MIT Kerberos doesn't. Is it really impossible with MIT
Kerberos?
Thanks
Colin
More information about the Kerberos
mailing list