Status of IETF 4120 in the Kerberos development tree
howard at cohtech.com
Tue Dec 1 05:19:22 EST 2009
Ken et al,
I am interested in the status of the IETF standard 4120 in the current and upcoming implementation of krb5. Has the work to implement referrals/aliases been done in the 1.7 release or is it due in 1.8 or should we expect it much later?
We are considering whether this would support us managing trusts from a Windows 200x AD that has a realm name clash. I.e. We have a windows domain "win.com" that has a trust to another windows domain "example.com" which we will be retiring in the next 2 years, but in the meantime we want to implement a MIT realm "example.com" and add a trust to "win.com" for this realm without breaking any of the current trusts. The mechanism I am considering is to publish an alias (is that the correct term) "proxy.example.com" for the MIT domain and using this in the trust until we decommission the old windows domain.
Not got any further in my thinking than this but the 4120 standard looks as though it would form part of the solution, maybe?
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL, United Kingdom
Telephone: +44 20 7690 7075 Mobile: +44 7980 639379
Company Email: coherent at cohtech.com Website: http://www.cohtech.com <http://www.cohtech.com/>
More information about the krbdev