Cross Realm AD<->MIT Trust, with realm name clash?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Feb 6 13:07:23 EST 2006
>This is part of what Windows does. Active Directory in Windows 2003
>allows you to provide the KDC multiple names. This allows you to make
>the transition without requiring a flag day.
I hadn't really thought about it past the keying issues, but yow, that
would be a hell of a flag day. From what I've seen, _no_ MIT (or
Heimdal) Kerberos realm has ever renamed in any meaningful sense. This
just illustrates why it's so important to choose the correct realm
name the first time around.
(I find it amazing not that someone at your site made such a bad decision
to create two realms with the same name, but that you're not the first
site to have done so :-/)
--Ken