[27746] in Kerberos
Re: KfW krb5.conf inclusions
daemon@ATHENA.MIT.EDU (David Bear)
Fri May 4 14:38:48 2007
Date: Fri, 4 May 2007 11:38:24 -0700
From: David Bear <David.Bear@asu.edu>
To: "Douglas E. Engert" <deengert@anl.gov>
Message-ID: <20070504183824.GF19848@asu.edu>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <463B77BF.2040602@anl.gov>
Cc: kerberos@mit.edu
Reply-To: David.Bear@asu.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, May 04, 2007 at 01:13:19PM -0500, Douglas E. Engert wrote:
>
>
> David Bear wrote:
> >I have been wondering about necessary inclusions in a krb5.conf file
> >for use on a windows box that is ALSO joined and authenticating to AD.
> >
> >We have to kerb realms; an original MIT kerb5 realm, and a separate
> >realm for AD.
>
> Are the realm names different? If so do they do cross realm?
yes, realm names are different.
There is a cross realm trust -- (I don't know the details of that)
>
> If they ues the same realm name, that could be a problem.
> Are user names and passwords synced between them?
> If so consider just using AD for the KDCs.
>
> Our MIT realm is used to authentication users of afs.
> >Our AD realm is used for ... things microsoft.
>
> Are you going to be at the AFS&Kerberos Best Practices next week?
no -- but there will be asu representatives there I hope.
--
David Bear
phone: 602-496-0424
fax: 602-496-0955
College of Public Programs/ASU
University Center Rm 622
411 N Central
Phoenix, AZ 85007-0685
"Beware the IP portfolio, everyone will be suspect of trespassing"
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
