cross-realm and connectivity between KDCs
Richard E. Silverman
res at qoxp.net
Fri Feb 22 12:54:47 EST 2008
>>>>> "VS" == Victor Sudakov <vas at mpeks.no-spam-here.tomsk.su> writes:
VS> Colleagues, If cross-realm authentication is configured between
VS> two realms, do the KDCs ever talk directly to each other, or do
VS> they talk only to the client?
VS> In other words, is IP connectivity necessary between the KDCs, or
VS> only between the client and each of the KDCs?
The latter, so far as I know. A client obtains a TGT for the trusting
realm from a KDC in the trusted one, and presents it to a trusting KDC.
VS> -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet
VS> http://vas.tomsk.ru/
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list