Cross Realm: Problem with Default Realm
Miguel Sanders
miguelsanders at telenet.be
Thu Jul 26 16:13:02 EDT 2007
Dear all
I managed to do cross realm authentication between AD realm A and MIT
realm B.
However this only works if, hosts in realm B, have "default_realm =A"
in their krb5.conf. I have some problems with this since there are
quit a lot of other principals in realm B...
Perhaps a setting in krb5.conf that can solve this issue:
Snippet:
[libdefaults]
default_realm = A
default_keytab_name = FILE:/etc/krb5/host.keytab
default_tkt_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts
des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 arcfour-hmac aes256-cts
des-cbc-md5 des-cbc-crc
forwardable = true
dns_lookup_realm = no
dns_lookup_kdc = no
[realms]
B = {
kdc = kdc.b.com
}
A = {
kdc = kdc.a.com
}
[domains]
.b.com = B
b.com = B
.a.com = A
a.com = A
More information about the Kerberos
mailing list