Issue with KDC

Donn Cave donn at u.washington.edu
Tue Dec 18 13:55:13 EST 2007


In article <mailman.115.1197917539.11331.kerberos at mit.edu>,
 sunilcnair <sunilcnair at hotmail.com> wrote:

> This is Sunil here, I am working on the cross domain authentication using
> Kerberos, I have
> two domains (xx.com) and (co.yy), and I am in a dilemma as to install 2 KDCs in
> both the domains or is it sufficient for the KDC to be installed in only one
> single domain, and register the other domain as just the user of the domain
> in which the KDC is installed. Also I'd like to avoid the cross-realm
> scenario, because we should set up another KDC (that's a bit difficult). Is there
> any other possibility of using two domains for Kerberos without having a KDC
> on both the domains? Please do clear my doubt. Looking for an answer.

Kerberos is basically indifferent to DNS domains, and
one Kerberos "realm" can certainly serve many DNS domains.
Application software may rely on DNS for realm information,
though - configuration files may specify realm/domain maps,
and Kerberos realm information can be published in special
DNS SRV and TXT records.  If you have tried this and were
not able to make it work, check that the [domain_realm]
section of your configuration file includes the new domain.

   Donn Cave, donn at u.washington.edu
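
A way to check the [domain_realm] point from the reply above, as an added example that is not part of the original message: it parses a krb5.conf-style file and reports which realm a host name maps to. The realm name EXAMPLE.REALM and the host names are constructed placeholders, and the lookup order (exact host name, then parent domains written with a leading dot) is a simplified model of the library's behaviour.

```python
# Constructed sample: one realm (placeholder name EXAMPLE.REALM) serving both
# DNS domains from the question, in krb5.conf [domain_realm] syntax.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = EXAMPLE.REALM

[domain_realm]
    .xx.com = EXAMPLE.REALM
    xx.com = EXAMPLE.REALM
    .co.yy = EXAMPLE.REALM
    co.yy = EXAMPLE.REALM
"""

def parse_domain_realm(conf_text):
    """Return the [domain_realm] entries as a dict (keys lowercased)."""
    mapping, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = line.lower() == "[domain_realm]"
        elif in_section and "=" in line:
            key, _, realm = line.partition("=")
            mapping[key.strip().lower()] = realm.strip()
    return mapping

def realm_for_host(host, mapping):
    """Try the exact host name, then each parent domain with a leading dot."""
    candidate = host.lower().rstrip(".")
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        rest = candidate.lstrip(".")
        dot = rest.find(".")
        candidate = rest[dot:] if dot != -1 else ""
    return None  # no [domain_realm] entry covers this host

if __name__ == "__main__":
    table = parse_domain_realm(SAMPLE_KRB5_CONF)
    for h in ("app1.xx.com", "xx.com", "web.co.yy", "host.other.example"):
        print(h, "->", realm_for_host(h, table))
```

A result of None for a host in the second domain means the section does not yet include that domain, which is the condition the reply says to check.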


