issue : Setting up KDC in two different domains

sunil chandran sunilsushil at rediffmail.com
Fri Dec 28 08:22:49 EST 2007


Hello Edward,

Thank you for your reply. I understood the concept from you. Now you tell that we can have two realms with only one KDC. I want to tell you that both domains are entirely different, that is, the root is not the same. So I want to ask you for one more help. I want to get a keytab for the co.yy domain. I will show you one example I did for getting a keytab for the domain xx.com, which already had a KDC in it.

ktpass -princ HTTP/sip99.xx.com at XX.COMXX.COM (this is the command I did for xx.com)

Now I want to know, for a server sip99 in co.yy, what should I type to get a keytab. Since you already told that I can give this domain in the krb5.conf file, please help me: how can I get a keytab for that domain which doesn't have a KDC?

On Thu, 27 Dec 2007 10:18:53 +1300 (NZDT) edward at murrell.co.nz wrote

Hi.

This is quite easy to do, in your DNS or krb5.conf, you need to specify that the default realm for co.yy is the xx.com realm.

For example, if you are using krb5.conf you would have something like this;

    [domain_realm]
    xx.com = XX.COM
    .xx.com = XX.COM
    co.yy = XX.COM
    .co.yy = XX.COM

That's about it. :)

Cheers,
Edward

> Hello all,
>
> I have two domains (xx.com) and (co.yy), two different domains altogether.
> I have a KDC set up in (xx.com). Users are in the xx.com domain.
>
> But my servers are in the (co.yy) domain.
>
> I had set up a test scenario with a user and a server in domain (xx.com).
> Since the KDC was set up I got a ticket and was able to authenticate well
> using Kerberos.
>
> My issue is that all my production servers are in domain (co.yy), which
> doesn't have a KDC.
> I want to authenticate and use the server services in that domain.
> Setting up a KDC is not feasible in both domains for me.
>
> 1. Is there any possibility or a way that I can use services from domain
>    (co.yy) without a KDC set up there?
> 2. In other words, which REALM does my server (co.yy) belong to?
> 3. How can I get a keytab for my server in domain (co.yy), which doesn't
>    have a KDC?
>
> Please help me with these critical issues.
>
> Thanks in advance.
>
> Sunil
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
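
The mapping in Edward's reply, as an added example that is not part of the original thread: a simplified Python model of how a client resolves a host name to a realm through [domain_realm], and the service principal name that results for sip99.co.yy. The lookup order (host name first, then each parent domain with and without a leading dot) is an assumption modelled on MIT krb5, and the function names are hypothetical.

```python
# Added example: models the [domain_realm] lookup from the reply above.
# Constructed krb5.conf text holding the entries quoted in the thread.
KRB5_CONF = """\
[domain_realm]
    xx.com = XX.COM
    .xx.com = XX.COM
    co.yy = XX.COM
    .co.yy = XX.COM
"""

def parse_domain_realm(text):
    """Return the {name: realm} pairs found in the [domain_realm] section."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "domain_realm" and "=" in line:
            name, realm = (part.strip() for part in line.split("=", 1))
            mapping[name.lower()] = realm
    return mapping

def realm_for_host(host, mapping):
    """Try the host name, then each parent domain with and without a dot."""
    name = host.lower().rstrip(".")
    while name:
        if name in mapping:
            return mapping[name]
        if name.startswith("."):
            name = name[1:]
        else:
            dot = name.find(".")
            name = name[dot:] if dot != -1 else ""
    return None

def service_principal(service, host, mapping):
    """Build service/host@REALM, refusing hosts that no entry covers."""
    realm = realm_for_host(host, mapping)
    if realm is None:
        raise LookupError("no [domain_realm] entry covers " + host)
    return "{}/{}@{}".format(service, host.lower(), realm)

if __name__ == "__main__":
    m = parse_domain_realm(KRB5_CONF)
    for h in ("sip99.xx.com", "sip99.co.yy", "sip99.example.net"):
        print(h, "->", realm_for_host(h, m))
    print(service_principal("HTTP", "sip99.co.yy", m))
```

A host that no entry covers returns None here, so a missing mapping shows up as an explicit error instead of a principal in the wrong realm.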

