some cross-realm trust questions
Brian Candler
B.Candler at pobox.com
Mon Dec 27 15:37:33 EST 2010
On Mon, Dec 27, 2010 at 05:20:19AM +0000, Victor Sudakov wrote:
> That's great, but at least at the initialization stage, how is a
> shared key for the corresponding krbtgt principals transferred between
> the two KDCs?
>
> The Windows "New Trust" wizard just asks for a password and never
> offers to export a keytab or anything.
That sounds OK to me - you should just be able to create the same principals
on the remote KDC using addprinc, which will also prompt you for a password.
Enter the same one.
More information about the Kerberos
mailing list