[29350] in Kerberos
Re: cross-realm and connectivity between KDCs
daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Fri Feb 22 13:00:14 2008
From: "Richard E. Silverman" <res@qoxp.net>
Date: Fri, 22 Feb 2008 12:54:47 -0500
Message-ID: <m2ir0gri54.fsf@darwin.oankali.net>
MIME-Version: 1.0
X-Complaints-To: abuse@speakeasy.net
X-DMCA-Complaints-To: abuse@speakeasy.net
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>>>> "VS" == Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su> writes:
VS> Colleagues, If cross-realm authentication is configured between
VS> two realms, do the KDCs ever talk directly to each other, or do
VS> they talk only to the client?
VS> In other words, is IP connectivity necessary between the KDCs, or
VS> only between the client and each of the KDCs?
The latter, so far as I know. A client obtains a TGT for the trusting
realm from a KDC in the trusted one, and presents it to a trusting KDC.
VS> -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet
VS> http://vas.tomsk.ru/
--
Richard Silverman
res@qoxp.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
