Kerberos Database Sync with Sub-Domains

Isaac Boukris iboukris at gmail.com
Tue Jul 14 09:34:59 EDT 2020


On Tue, Jul 14, 2020 at 3:22 PM Jonathan Towles <jjtowles at synterex.com> wrote:
>
> So by using enterprise principal names, you can essentially point it at the parent domain KDC, and it can get a ticket for even users in the sub-domains?

Client-referrals are used to locate the realm; see details in RFC 6806.

> That's only something that can be done in the GSS config, right? You can't do it in the KRB5.conf file?

For kinit, you just need to pass the '-E' flag, no conf involved.

