some cross-realm trust questions
Russ Allbery
rra at stanford.edu
Sun Dec 26 14:53:05 EST 2010
Victor Sudakov <vas at mpeks.no-spam-here.tomsk.su> writes:
> 2. Are there any success stories of servers in a Heimdal realm
> authenticating users from a trusted Microsoft AD based realm?
Yes, we do this.
> Is there a documentation how to setup such one way trust?
We have a bidirectional trust, but I think the setup is substantially the
same. It's just like a regular bidirectional trust, except you would then
delete the krbtgt principal for the Active Directory realm from the
Heimdal realm.
There's a section in the Heimdal manual on setting up cross-realm trust.
On the Active Directory side, I've not done it personally, but:
http://technet.microsoft.com/en-us/library/cc738617%28WS.10%29.aspx
looks like the right documentation, and I think you want one-way incoming
if I understand that properly.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list