Cross Realm: Problem with Default Realm
Russ Allbery
rra at stanford.edu
Thu Jul 26 16:23:53 EDT 2007
Miguel Sanders <miguelsanders at telenet.be> writes:
> I managed to do cross realm authentication between AD realm A and MIT
> realm B. However this only works if, hosts in realm B, have
> "default_realm =A" in their krb5.conf. I have some problems with this
> since there are quit a lot of other principals in realm B...
Well, that certainly isn't normally required. I think we need a lot more
information, such as exactly what commands you ran, what their output was,
what you expected their output to be, and what tickets you have in your
cache afterwards.
The domain_realm mapping is normally all that's required for cross-realm
to work properly to hosts subject to that mapping.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list