multiple domain authentication scenario

Edward Murrell edward at murrell.co.nz
Thu Aug 13 18:21:02 EDT 2009


You can either add service principals for the other domains to the
keytab, or establish cross realm trusts between the realms. The latter
is probably better if you expect to have lots of places where you need
to interoperate.

Cheers,
Edward

On Thu, 2009-08-13 at 17:50 -0400, Farzad Kohantorabi wrote:
> Hello,
> 
> 
> I have a web application that negotiates a principal with the user's browsers
> and then uses Kerberos for authentication. This works fine when there is only
> one domain. Now I am wondering if this holds water if the user is coming from
> a different domain than the web server's domain (the web server is not supposed
> to be a public server so users come in from internal networks). The thing that
> confuses me is that my server has a keytab for communication with its own KDC,
> and I am not sure if it is possible to authenticate a user from a different
> domain with the web server's KDC?
> 
> 
> 
> 
> Cheers,
> Farzad-
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
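
Added example, not part of the original messages: an outline of the cross-realm option from the reply above, as a krb5.conf fragment with the matching kadmin step in comments. It assumes two MIT Kerberos realms with a direct one-way trust; every realm name, hostname and domain mapping is a constructed placeholder.

```ini
# Constructed example: all names below are placeholders.
# Users authenticate in CLIENT.EXAMPLE.COM; the web server's HTTP/
# service principal and keytab belong to SERVER.EXAMPLE.COM.
#
# Step 1, in kadmin on BOTH KDCs, using the same long random password
# and the same encryption types on each side:
#   addprinc krbtgt/SERVER.EXAMPLE.COM@CLIENT.EXAMPLE.COM
# This one principal lets CLIENT users obtain tickets for services in
# SERVER. Add the reverse principal
# (krbtgt/CLIENT.EXAMPLE.COM@SERVER.EXAMPLE.COM) only if SERVER users
# must also reach services in CLIENT.
#
# Step 2, in krb5.conf on the client machines:

[libdefaults]
    default_realm = CLIENT.EXAMPLE.COM

[realms]
    CLIENT.EXAMPLE.COM = {
        kdc = kdc.client.example.com
    }
    SERVER.EXAMPLE.COM = {
        kdc = kdc.server.example.com
    }

[domain_realm]
    # Tells the client library which realm owns the web server's host
    # name, so it requests a ticket for the HTTP/ service in SERVER.
    .client.example.com = CLIENT.EXAMPLE.COM
    .server.example.com = SERVER.EXAMPLE.COM

[capaths]
    # "." means the two realms trust each other directly, with no
    # intermediate realm on the authentication path.
    CLIENT.EXAMPLE.COM = {
        SERVER.EXAMPLE.COM = .
    }
```

With this in place the web server's keytab does not change: the ticket the browser presents is still encrypted with the server's own key, issued by the server's KDC on the strength of the cross-realm TGT. The authenticated name arrives with the foreign realm attached (user@CLIENT.EXAMPLE.COM), so the application should authorize on the full principal including the realm, not on the user part alone.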



