Cross-realm trusts w/ MS Windows 2003

Douglas E. Engert deengert at
Mon Aug 18 17:42:56 EDT 2003

Sam Hartman wrote:
> I believe the problem is that the wizard for setting up cross-realm
> trusts gets the case of the realm name incorrect.  I'm not really sure
> how to fix this, but I believe if you fix up the directory attributes
> by hand, everything will work.

I got the SecureCRT to work with the cross realm using the SSPI. 
( I have been using the SecureCRT with the MIT GSSAPI for months.)
This required in effect passing to SSPI the full principal name, including
the realm. 

When I updated the session file for orleans.ini from

Unlike GSSAPI where you pass in service at host and no realm, with SSPI
you can pass in service/host at realm.

The MS kerberos does not have the host to realm mappings, but uses referrals.
If there was a way to add the principal to the global mapping, in the MS KDC,
then this would not be needed as a referral would work. 

Daniel indicated that this was not possible. But I would think it would
be. Does anyone know how?

> _______________________________________________
> krbdev mailing list             krbdev at


 Douglas E. Engert  <DEEngert at>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444

More information about the krbdev mailing list