service that communicates with different KDCs

[Thomas LaPorte]

I would think that as long as each KDC owner publishes it's SRV
records via DNS, your service would be able to communicate with the
appropriate KDC.

- Tom

Thomas A. La Porte
DreamWorks Animation
thomas.laporte at dreamworks.com

On Nov 4, 2010, at 10:20 AM, Ben <benkwint at gmail.com> wrote:

> Hi there,
>
> I was hoping to get some advice here about setting up a service that
> works with kerberos. The problem is that it's a webservice that
> possibly needs to communicate with different KDCs.
> We have a webserver that runs multiple instances of a certain
> webapplication. More then one client would like to communicate with
> this application using Kerberos, now its my first time working with
> kerberos so i'm quite new. Is it possible to allow this application to
> authenticate users from different KDC's.
>
> My main concern is that you need time synchronisation, which is quite
> difficult if multiple clients want to use their own KDC server.
>
> Thanks in advance