Kerberos cross-realm with AD

Jean-Yves Avenard jyavenard at gmail.com
Mon Feb 7 21:32:21 EST 2011


Hi

On 8 February 2011 05:12, Brian Candler <B.Candler at pobox.com> wrote:
> The *authentication* should just work. Someone in MEL.DOMAIN.COM will be
> able to get a ticket for host/freebsd.server at M.DOMAIN.COM, which that server
> will be able to decrypt using its M.DOMAIN.COM keytab.

So in reference to authentication only.

The krb5.conf on the FreeBSD machine doesn't need to be told about
MEL.DOMAIN.COM whatsoever? and the existing configuration for the
M.DOMAIN.COM realm is all that is required and can be left untouched ?

JY



More information about the Kerberos mailing list