[31374] in Kerberos
multiple domain authentication scenario
daemon@ATHENA.MIT.EDU (Farzad Kohantorabi)
Thu Aug 13 17:51:28 2009
From: Farzad Kohantorabi <Farzad.Kohantorabi@interfacing.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Thu, 13 Aug 2009 17:50:57 -0400
Message-ID: <FFD93B6DEA84074B8266827F583F3DDC051DE01F66@svr-exc-01.interfacing.local>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I have a web application that negotiates a principal with the user's browsers and then uses Kerberos for authentication. This works fine when there is only one domain. Now I am wondering if this holds water if the user is coming from a different domain than the web server's domain (the web server is not supposed to be a public server so users come in from internal networks). The thing that confuses me is that my server has a keytab for communication with its own KDC, and I am not sure if it is possible to authenticate a user from a different domain with the web server's KDC?
Cheers,
Farzad-
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
