[28965] in Kerberos
Re: Mit Kerberos Client With trusted Active directories
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Fri Jan 4 10:21:29 2008
Message-ID: <477E4E6B.4050003@anl.gov>
Date: Fri, 04 Jan 2008 09:19:07 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: e70965 <eswars@huawei.com>
In-Reply-To: <000c01c84ee0$2fdf66f0$3e19120a@china.huawei.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
e70965 wrote:
>
> Hi,
>
> I have Domain_A and Daomain_B (Both are Win2003 Servers).I have made two-way
> trust between Both AD servers.
> I want to do Kerberos authentication from machine which is joined to
> Domain_A using Domain_B user's account.
>
> In this case Suppose my client (in Daomin_A) do not have the access to
> domain_B. Authentication process can be done via Domain_A Server to
> Domain_B Server (I mean getting TGT/TGS).
No. The Domain servers (KDC) don't communicate directly. The client
libs request tickets from the user's KDC in Domain_B, for a TGT. That
TGT is used against Domain_B to get a second TGT usable at Domain_A.
(It is encrypted in the shared secret you setup with the trust.)
The second TGT is then used against Domain_A to get service tickets for
services in Domain_A.
>
> Please help me, if any one knows about this.
>
> Regards,
> Eswar S
>
> ****************************************************************************
> ***********
> This e-mail and attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including,
> but not limited to, total or partial disclosure, reproduction, or
> dissemination) by persons other than the intended recipient's) is
> prohibited. If you receive this e-mail in error, please notify the sender by
> phone or email immediately and delete it!
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
