[31375] in Kerberos


Re: multiple domain authentication scenario

daemon@ATHENA.MIT.EDU (Edward Murrell)
Thu Aug 13 18:21:04 2009

From: Edward Murrell <edward@murrell.co.nz>
To: kerberos@mit.edu
In-Reply-To: <FFD93B6DEA84074B8266827F583F3DDC051DE01F66@svr-exc-01.interfacing.local>
Date: Fri, 14 Aug 2009 10:21:02 +1200
Message-Id: <1250202063.18052.1.camel@entropy>

You can either add service principals for the other domains to the
keytab, or establish cross realm trusts between the realms. The latter
is probably better if you expect to have lots of places where you need
to interoperate.

Cheers,
Edward

On Thu, 2009-08-13 at 17:50 -0400, Farzad Kohantorabi wrote:
> Hello,
> 
> I have a web application that negotiates a principal with the user's browsers
> and then uses Kerberos for authentication. This works fine when there is only
> one domain. Now I am wondering if this holds water if the user is coming from
> a different domain than the web server's domain (the web server is not supposed
> to be a public server so users come in from internal networks). The thing that
> confuses me is that my server has a keytab for communication with its own KDC,
> and I am not sure if it is possible to authenticate a user from a different
> domain with the web server's KDC?
> 
> Cheers,
> Farzad-
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
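
The cross-realm option from the reply above, sketched as an added example that is not part of the original messages: a krb5.conf fragment for MIT Kerberos with a one-way trust. The realm names USERS.EXAMPLE (where the users live) and SRV.EXAMPLE (the web server's realm), all hostnames, and the password placeholder are assumptions made for illustration.

```ini
# Added example, hypothetical realms and hosts throughout.
#
# One-way trust: users in USERS.EXAMPLE may obtain tickets for services
# in SRV.EXAMPLE. The cross-realm principal must exist in BOTH KDC
# databases with the same key, kvno and encryption types. On each KDC:
#
#   kadmin.local -q "addprinc -pw <LONG-RANDOM-SHARED-SECRET> krbtgt/SRV.EXAMPLE@USERS.EXAMPLE"
#
# The web server's keytab is unchanged; it still holds only
#   HTTP/web.srv.example@SRV.EXAMPLE

[libdefaults]
    default_realm = USERS.EXAMPLE          # on client machines
    dns_lookup_kdc = false

[realms]
    USERS.EXAMPLE = {
        kdc = kdc.users.example
        admin_server = kdc.users.example
    }
    SRV.EXAMPLE = {
        kdc = kdc.srv.example
        admin_server = kdc.srv.example
    }

[domain_realm]
    # Tell the client library which realm owns the web server's host
    # name, so it requests the service ticket in SRV.EXAMPLE.
    .srv.example = SRV.EXAMPLE
    web.srv.example = SRV.EXAMPLE
    .users.example = USERS.EXAMPLE

[capaths]
    # "." means the trust is direct, with no intermediate realm.
    USERS.EXAMPLE = {
        SRV.EXAMPLE = .
    }
```

With a trust in place the application sees client principals from both realms, so authorization should compare the full `user@REALM` name rather than only the part before the `@`.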
