Kerberize Webserver outside our domain

Andreas Bruckmeier dev at bruckmeier.org
Wed Dec 15 02:44:09 EST 2010


Hi all,

we will set up a new domain in our office using a windows server with active
directory and it´s Kerberos component.
In a test environment we where able to kerberize a local webserver with
mod_auth_kerb.
Now I have the question if it is possible to also kerberize a public
webserver standing outside our office, maybe with the webserver connected
via VPN for KDC-connections.
Is this possible and is this the main purpose of the domain_realm mapping?
If not, how could we solve this in a good way?

For example:

Local office domain -> company.lan -> Realm: COMPANY.LAN
The external webserver -> something.de -> Domain-Realm-Mapping:
.something.de = COMPANY.LAN

Best regards
Andi





More information about the Kerberos mailing list