Kerberos cross-realm with AD
Brian Candler
B.Candler at pobox.com
Tue Feb 8 05:08:31 EST 2011
On Tue, Feb 08, 2011 at 04:49:06PM +1100, Jean-Yves Avenard wrote:
> [realms]
> M.DOMAIN.COM = {
> kdc = m.domain.com
> admin_server = m.domain.com
> default_domain = m.domain.com
> }
>
> MEL.DOMAIN.COM = {
> kdc = ad.domain.com
> admin_server = ad.domain.com
> default_domain = ad.domain.com
> auth_to_local = RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//
> }
>
> from what I could read in the documentation, but this still doesn't work.
As I understand it, you need the auth_to_local rule(s) under M.DOMAIN.COM
(the server's realm), not the client realm.
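
The following sketch is an added example, not part of the original post and not MIT krb5 code. It is a simplified Python model of `auth_to_local` evaluation, using Python `re` instead of POSIX regex. It assumes, as the reply says, that only the rules in the section for the server's own default realm are consulted. The user name `jean` and the dict form of the config are constructed for illustration.

```python
import re

# Constructed stand-in for krb5.conf [realms]: the rule from the post, either
# left under the client realm (as posted) or moved under the server's realm.
RULE = r"RULE:[1:$1@$0](.*@.*DOMAIN\.COM$)s/@.*//"
FIXED = {"M.DOMAIN.COM": [RULE, "DEFAULT"], "MEL.DOMAIN.COM": []}
AS_POSTED = {"M.DOMAIN.COM": [], "MEL.DOMAIN.COM": [RULE]}

RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?(.*)$")
SED_RE = re.compile(r"s/([^/]*)/([^/]*)/(g?)")


def apply_rule(rule, components, realm, default_realm):
    """Return the local name produced by one auth_to_local value, or None."""
    if rule == "DEFAULT":
        # DEFAULT only maps single-component principals of the local realm.
        ok = len(components) == 1 and realm == default_realm
        return components[0] if ok else None
    m = RULE_RE.match(rule)
    if not m:
        return None
    n, fmt, regex, seds = m.groups()
    if int(n) != len(components):
        return None  # rule only applies to principals with n components
    parts = [realm] + components  # $0 is the realm, $1.. the components
    s = re.sub(r"\$(\d)", lambda d: parts[int(d.group(1))], fmt)
    if regex and not re.fullmatch(regex, s):
        return None
    for pat, repl, flag in SED_RE.findall(seds):
        s = re.sub(pat, repl, s, count=0 if flag else 1)
    return s


def local_name(principal, default_realm, realms):
    """Map 'name@REALM' using only the rules in the server's default realm section."""
    name, realm = principal.rsplit("@", 1)
    components = name.split("/")
    for rule in realms.get(default_realm) or ["DEFAULT"]:
        result = apply_rule(rule, components, realm, default_realm)
        if result is not None:
            return result
    return None
```

With the rule under `M.DOMAIN.COM`, both `jean@MEL.DOMAIN.COM` and `jean@M.DOMAIN.COM` map to the local account `jean`, since the rule strips the realm; check that this collapse of the two realms' name spaces is intended.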