service that communicates with different KDCs
Greg Hudson
ghudson at MIT.EDU
Fri Nov 5 10:56:46 EDT 2010
On Thu, 2010-11-04 at 06:53 -0400, Ben wrote:
> The problem is that it's a webservice that
> possibly needs to communicate with different KDCs.
Kerberos services don't actually need to communicate with KDCs unless
they also act as Kerberos clients for some reason.
> Is it possible to allow this application to
> authenticate users from different KDC's.
Yes, this is possible.
> My main concern is that you need time synchronisation, which is quite
> difficult if multiple clients want to use their own KDC server.
One would hope that all of the KDCs are within a few seconds of the
correct time.
More information about the Kerberos
mailing list