Krb5.conf in multi domain/forest environment

antti.ropponen@accenture.com antti.ropponen at accenture.com
Tue Jan 12 02:51:38 EST 2010


Hi,

 

I need to setup Kerberos client for over 50 domains in 3 forests, where
there is a two-way forest level trust. The Kerberos client has an account in
one of the forests. SPNEGO works just fine when an end-user is in the same
domain/forest as the Kerberos client, but fails if the end-user is in a
different domain/forest.

 

>From the documentation I know that while there is a forest level trust, this
is doable. The problem is that I don't know how to configure Kerberos to
enable this functionality. 

 

Does anyone have an experience how Kerberos client can/should be configured
in an environment like this? Or is the only way to  create over 50 accounts
for the Kerberos client into those separate domains, merge keytabs and list
all the domains & realms in the Kerberos configuration?

 

Regards,

 

Antti

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5103 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20100112/28a3e8d7/attachment.bin


More information about the Kerberos mailing list