Proxy KDC (Quick yes/no question)

Sam Hartman hartmans at MIT.EDU
Tue Oct 22 12:20:00 EDT 2002

>>>>> "Monica" == Monica Lau <mllau2002 at> writes:

    Monica>    Hi all,

    Monica>    I was wondering if the MIT Kerberos server supports
    Monica> proxy KDC.  For example, I have two KDCs in my network,
    Monica> KDC A and KDC B.  If a user tries to authenticate to KDC
    Monica> A, and KDC A can't find that user's entry in its database,
    Monica> KDC A will automatically contact KDC B and send the
    Monica> authentication reply back to the user.

This feature is not supported.
I think there are non-trivial design issues associated with doing this.
I suspect we would not be interested in the feature were it implemented.

More information about the krbdev mailing list