Cross realm special question
Sonja Benz
sonja.benz at de.ibm.com
Tue Oct 25 02:39:40 EDT 2011
Hello,
my example may be uncommon, but imagine an application which is not
kerberized
wants to use the passwords of a KDC for user authentication.
To make the situation even more special, assume the principal is stored in
a KDC which only can be accessed via cross realm trust.
------------ ------------
KDC A KDC B
Realm: A.COM <---trust ---> Realm: B.COM
------------ ------------
--------------
host.other.com
--------------
Let the application be kinit, for example:
Now, assume the user's password is stored in realm B.COM and the user at
host.other.com is only able to access KDC A. Is it possible to get
host.other.com: $ kinit principal at B.COM
working?
Sonja
More information about the Kerberos
mailing list