Kerberos "overlay" in mixed OS environment

Nordgren, Bryce L -FS bnordgren at fs.fed.us
Mon Dec 5 13:15:44 EST 2016


The answer is probably going to be "you can't do that", but I figured I'd ask anyway.

Parameter #1: I have been allocated a handful of non-routable IP subnets on a university network where I am a guest.
Parameter #2: Associated with the above is a single DNS subdomain.
Parameter #3: The university retains control over DNS and DHCP.
Parameter #4: The university set up the correct SRV records so that I can operate a KDC on my subdomain.

My question is: Is there any way to operate two KDCs on the same DNS subdomain, serving complementary hosts?

Reason #1: I want the "lightest footprint" possible, so as not to annoy our hosts.
Reason #2: I want to take advantage of some of the centralized management niceties of AD and FreeIPA for Windows and Linux, respectively.
Reason #3: I'm not sure I understand how to implement any kind of automatic Win/Linux segregation at the network level.
Reason #4: Aside from the constraints Kerberos may (?) impose, I see no compelling reason to corral machines into subdomains by OS.

Thanks for your patience.
Bryce



