KfW krb5.conf inclusions
Douglas E. Engert
deengert at anl.gov
Fri May 4 14:13:19 EDT 2007
David Bear wrote:
> I have been wondering about necessary inclusions in a krb5.conf file
> for use on a windows box that is ALSO joined and authenticating to AD.
> We have two kerb realms; an original MIT kerb5 realm, and a separate
> realm for AD.
Are the realm names different? If so do they do cross realm?
If they use the same realm name, that could be a problem.
Are user names and passwords synced between them?
If so consider just using AD for the KDCs.
> Our MIT realm is used to authenticate users of afs.
> Our AD realm is used for ... things microsoft.
Are you going to be at the AFS&Kerberos Best Practices next week?
> Will KfW automagically handle obtaining tickets from the AD realm
> without having any entries in the krb5.conf file?
> I have entries for both realms currently and I consistently get an
> error from the NetId Manager that it failed to get tickets for our AD
> realm. However, when I look in the NetId Manager I do indeed see
> various tickets from our AD realm. I'm thinking that perhaps the
> additional entries in the krb5.conf file are superfluous.
> We do get tickets and afs tokens properly from our MIT realm which
> makes afs happy.
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439