MIT Kerberos Client With trusted Active directories
Douglas E. Engert
deengert at anl.gov
Fri Jan 4 10:19:07 EST 2008
e70965 wrote:
>
> Hi,
>
> I have Domain_A and Domain_B (both are Win2003 servers). I have made a two-way
> trust between both AD servers.
> I want to do Kerberos authentication from a machine which is joined to
> Domain_A using a Domain_B user's account.
>
> In this case, suppose my client (in Domain_A) does not have access to
> Domain_B. Authentication process can be done via Domain_A Server to
> Domain_B Server (I mean getting TGT/TGS).

No. The Domain servers (KDC) don't communicate directly. The client
libs request tickets from the user's KDC in Domain_B, for a TGT. That
TGT is used against Domain_B to get a second TGT usable at Domain_A.
(It is encrypted in the shared secret you set up with the trust.)
The second TGT is then used against Domain_A to get service tickets for
services in Domain_A.

>
> Please help me, if any one knows about this.
>
> Regards,
> Eswar S
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
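
The three requests described in the reply, as an added toy model (not part of the original message and not MIT Kerberos code). HMAC tags stand in for ticket encryption; the `KDC` class, the `trust` and `logon` helpers and the principal names are assumptions made for illustration. Only the client contacts each KDC, and Domain_A accepts the second TGT because it holds the inter-realm key.

```python
import hashlib, hmac, json, os

def seal(key, sname, client):
    """Issue a 'ticket' for sname; the HMAC tag models encryption under key."""
    blob = json.dumps({"client": client, "sname": sname})
    return sname, blob, hmac.new(key, blob.encode(), hashlib.sha256).hexdigest()

class KDC:
    def __init__(self, realm, reachable=True):
        self.realm, self.reachable = realm, reachable
        self.tgs = f"krbtgt/{realm}@{realm}"
        self.keys = {self.tgs: os.urandom(32)}  # this realm's own TGS key
        self.seen = []                          # client requests this KDC received

    def _recv(self, kind):
        if not self.reachable:                  # models a client with no route to the KDC
            raise ConnectionError(f"client cannot reach the KDC for {self.realm}")
        self.seen.append(kind)

    def as_req(self, user):                     # password check omitted in this model
        self._recv("AS-REQ")
        return seal(self.keys[self.tgs], self.tgs, user)

    def tgs_req(self, tgt, want):
        self._recv("TGS-REQ")
        sname, blob, tag = tgt
        key = self.keys.get(sname)              # only keys this KDC holds can validate
        good = key and hmac.new(key, blob.encode(), hashlib.sha256).hexdigest()
        if not good or not hmac.compare_digest(good, tag):
            raise PermissionError(f"{self.realm} cannot validate a ticket for {sname}")
        return seal(self.keys[want], want, json.loads(blob)["client"])

def trust(issuer, acceptor):
    """Install the shared inter-realm key: issued by issuer, accepted by acceptor."""
    name = f"krbtgt/{acceptor.realm}@{issuer.realm}"
    issuer.keys[name] = acceptor.keys[name] = os.urandom(32)
    return name

def logon(user_kdc, host_kdc, xrealm, user, service):
    tgt = user_kdc.as_req(user)                 # 1. TGT from the user's own realm
    xtgt = user_kdc.tgs_req(tgt, xrealm)        # 2. second TGT, sealed with the trust key
    return host_kdc.tgs_req(xtgt, service)      # 3. service ticket from the resource realm

if __name__ == "__main__":                      # constructed realms and principals
    b, a = KDC("DOMAIN_B"), KDC("DOMAIN_A")
    a.keys["cifs/fileserver@DOMAIN_A"] = os.urandom(32)
    logon(b, a, trust(b, a), "user@DOMAIN_B", "cifs/fileserver@DOMAIN_A")
    print("DOMAIN_B saw", b.seen, "/ DOMAIN_A saw", a.seen)
```
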