issue : Setting up KDC in two different domains

edward@murrell.co.nz edward at murrell.co.nz
Wed Dec 26 16:18:53 EST 2007


Hi.

This is quite easy to do, in your DNS or krb5.conf, you need to specify
that the default realm for co.yy is the xx.com realm.

For example, if you are using krb5.conf you would have something like this;

[domain_realm]
  xx.com = XX.COM
  .xx.com = XX.COM
  co.yy = XX.COM
  .co.yy = XX.COM

That's about it. :)

Cheers,
Edward


> Hello all,
>
>       I have two domains (xx.com) and (co.yy) two differnt domains
> altogether.
> i have a KDC set up in (xx.com) . users are in xx.com domain.
>
> but my servers are in (co.yy) domain.
>
> i had set up a test scenario with a user and a server in domain (xx.com)
> since KDc was setup i got ticket and was able to authenticate well using
> kerberos.
>
> my issue is that all my production servers are in domain (co.yy) which
> doesnt have a KDC.
> i want to authencticate and use the server services in that domain.
> setting
> up KDC is not feasible in both domains for me.
>
> 1. is there any possibility or a way that i can use services from domain(
> co.yy) without a KDC set up there?
> 2. In other words, which REALM does the my server(co.yy) belong to?
> 3. how can i get a keytab for my server in domain(co.yy) which doesnt have
> a
> KDC ?
>
> please help me with these critical issues.
>
> Thanks in advance.
>
> Sunil
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>




More information about the Kerberos mailing list