Two realms and access to Kerberized NFS areas?
Kevin Longfellow
klongfel at yahoo.com
Thu Sep 6 08:54:47 EDT 2012
Hi,
Any advice on possible/best solutions for the below scenario?
Two Kerberos REALM's:
REALM1.COM
REALM2.COM
Assume they are separate realms with no cross-realm authentication.
user logs in and runs kinit kbprinc at REALM1.COM
user accesses KerberizedNFS home areas in REALM1.COM
user now needs access to KerberizedNFS areas in REALM2.COM
Can they simply run kinit kbprinc at REALM2.COM and both realms tgt/tgs will be maintained separately with both NFS areas being accessible?
or
When they run kinit kbprinc at REALM2.COM will that remove the tgt/tgs for REALM1.COM and remove access to REALM1.COM Kerberized nfs areas?
Just wondering if there is a way to keep the realms completely separated or do we have to do cross-realm authentication? Our environment is more complex with other services but I'm just using NFS services to show an example of one of our uses.
Thanks for any help with this,
Kevin
More information about the Kerberos
mailing list