[27802] in Kerberos
Re: Joining a multiple realm AD environment
daemon@ATHENA.MIT.EDU (Chris Penney)
Sun May 20 22:02:06 2007
Message-ID: <111aefd0705201157sd365423w13ae94532736f080@mail.gmail.com>
Date: Sun, 20 May 2007 14:57:21 -0400
From: "Chris Penney" <penney@msu.edu>
To: kerberos@mit.edu
In-Reply-To: <f2l0b3$pbm$1@sea.gmane.org>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 5/18/07, Markus Moeller <huaraz@moeller.plus.com> wrote:
> Not sure what you mean with "Do you still have to do this even if you add
> the system to AD via a "User" account?" ?
>
> You add the system to AD to be able to create a keytab which is used to
> verify that you talk to the right kdc during user authentication. It has
> nothing to do with the ability to login from LOC1.DOM.COM or LOC2.DOM.COM
Ok, thanks! I appreciate your answering my questions. The multiple
realm concept wasn't very clear to me not having done it previously.
Chris
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
