[29292] in Kerberos
Re: AD using an external Kerberos realm
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Tue Feb 19 09:34:07 2008
Message-Id: <200802191431.m1JEVPFI029581@ginger.cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <KNECKKHPGBOGKLKDPGFJIEFBDIAA.jay@umd.edu>
Date: Tue, 19 Feb 2008 09:31:25 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>We received a lot of good information from the Windows Higher Ed list, but
>I thought it might be valuable to get feedback from the folks who support
>external KDCs as well. Are there any major gotchas that those of us
>who support Kerberos or the Windows community at large should be aware
>of?
The big one is to make sure you don't configure your AD domain with the
same name as your "external" (I don't personally like that word in this
context) realm. E.g., you don't want "WAM.UMD.EDU" to be the name of both
your Kerberos realm and AD domain. If you do that, you will be setting
yourself up for massive pain down the road.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
