Two realms and access to Kerberized NFS areas?

Kevin Longfellow klongfel at yahoo.com
Thu Sep 6 08:54:47 EDT 2012



Hi,

Any advice on possible/best solutions for the below scenario?

Two Kerberos REALM's:

REALM1.COM
REALM2.COM

Assume they are separate realms with no cross-realm authentication.

user logs in and runs kinit kbprinc at REALM1.COM
user accesses KerberizedNFS home areas in REALM1.COM

user now needs access to KerberizedNFS areas in REALM2.COM
 
Can they simply run kinit kbprinc at REALM2.COM and both realms tgt/tgs will be maintained separately with both NFS areas being accessible?

or

When they run kinit kbprinc at REALM2.COM will that remove the tgt/tgs for REALM1.COM and remove access to REALM1.COM Kerberized nfs areas? 

Just wondering if there is a way to keep the realms completely separated or do we have to do cross-realm authentication?  Our environment is more complex with other services but I'm just using NFS services to show an example of one of our uses.


Thanks for any help with this,

Kevin


More information about the Kerberos mailing list