Authenticating users against w2k3

Luke Howard lukeh at padl.com
Fri May 12 02:41:47 EDT 2006


>If I do that how would the krb5.conf look like ? Can I do a kinit 
>mba2000 at ioplex.com ?
>How does Kerberos decide to go to win or xad to authenticate the user ?

For UPN logons, Windows clients always send the realm of the
domain which the machine is joined to in the AS-REQ.

The domain controller will then look up the UPN in the global
catalog and, if necessary, return a Kerberos referral to the
next realm in the trust path.

-- Luke

--



More information about the Kerberos mailing list