[28989] in Kerberos
request a keytab from KDC in other domain
daemon@ATHENA.MIT.EDU (sunilcnair)
Wed Jan 9 11:56:55 2008
Message-ID: <14714285.post@talk.nabble.com>
Date: Wed, 9 Jan 2008 07:39:54 -0800 (PST)
From: sunilcnair <sunilcnair@hotmail.com>
To: kerberos@mit.edu
In-Reply-To: <donn-066B7B.10551318122007@gnus01.u.washington.edu>
MIME-Version: 1.0
X-Nabble-From: sunilcnair@hotmail.com
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
hello all,
i am Sunil C. i have a domain named xx.com which has a KDC.
i also have a domain co.yy where my server is. there is no KDC in it.
users are in xx.com domain.
but my servers are in (co.yy) domain.
i had set up a test scenario with a user and a server in domain (xx.com)
since KDc was setup i got ticket and was able to authenticate well using
kerberos.
my issue is that all my production servers are in domain (co.yy) which
doesnt have a KDC. i want to authenticate and use the server services in
that domain.
setting up KDC is not feasible in both domains for me.
now i have done some configuration in krb5.conf file on my server
(test.co.yy)
[domain_realm]
xx.com = XX.COM
.xx.com = XX.COM
co.yy = XX.COM
.co.yy = XX.COM
this shows that my domain co.yy which doesnnot have a KDC , i have mapped it
to the realm XX.COM .
now i have some issues.
1) how can i get a keytab from the KDC of XX.COM ( my server in co.yy)
is this command correct ?
> ktpass -princ HTTP/test.co.yy@XX.COM
2) can i get a keytab with that command
3) i have heard of CNAME.
can i create a CNAME for my server like denver.xx.com CNAME test.co.yy ?
if thats possible i can request a keytab like this
> ktpass -princ HTTP/denver.xx.com@XX.COM
then will it relate to the real host name> test.co.yy
please help me with my questions .
--
View this message in context: http://www.nabble.com/Issue-with-KDC-tp14370277p14714285.html
Sent from the Kerberos - General mailing list archive at Nabble.com.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
