Kerberos "overlay" in mixed OS environment
Andrew Holway
andrew.holway at gmail.com
Tue Dec 6 03:37:16 EST 2016
If you are on linux *I think* this is functionality that sssd does out of
the box although I've never tested it.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/Configuring_Domains.html
On 5 December 2016 at 19:15, Nordgren, Bryce L -FS <bnordgren at fs.fed.us>
wrote:
> The answer is probably going to be "you can't do that", but I figured I'd
> ask anyway.
>
> Parameter #1: I have been allocated a handful of non-routable IP subnets
> on a university network where I am a guest.
> Parameter #2: Associated with the above is a single DNS subdomain.
> Parameter #3: The university retains control over DNS and DHCP.
> Parameter #4: The university set up the correct SRV records so that I can
> operate a KDC on my subdomain.
>
> My question is: Is there any way to operate two KDCs on the same DNS
> subdomain, serving complementary hosts?
>
> Reason #1: I want the "lightest footprint" possible, so as not to annoy
> our hosts.
> Reason #2: I want to take advantage of some of the centralized management
> niceties of AD and FreeIPA for Windows and Linux, respectively.
> Reason #3: I'm not sure I understand how to implement any kind of
> automatic Win/Linux segregation at the network level.
> Reason #4: Aside from the constraints Kerberos may (?) impose, I see no
> compelling reason to corral machines into subdomains by OS.
>
> Thanks for your patience.
> Bryce
>
>
>
>
> This electronic message contains information generated by the USDA solely
> for the intended recipients. Any unauthorized interception of this message
> or the use or disclosure of the information it contains may violate the law
> and subject the violator to civil or criminal penalties. If you believe you
> have received this message in error, please notify the sender and delete
> the email immediately.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list