[31694] in Kerberos
Question about cross realm authentification
daemon@ATHENA.MIT.EDU (Hubert Chomette)
Fri Nov 13 09:43:48 2009
Message-Id: <59717EE4-008B-4524-A877-BBC83AEC88D8@ensil.unilim.fr>
From: Hubert Chomette <chomette@ensil.unilim.fr>
To: kerberos@mit.edu
Mime-Version: 1.0 (Apple Message framework v936)
Date: Fri, 13 Nov 2009 09:48:05 +0100
X-Univ-Limoges-MailScanner-Envelope-From: chomette@ensil.unilim.fr
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
We try to unify authentification between two departements in our
university.
The two departments have their own kdc, so cross realm should be the
more interesting thing.
What I have understand, is that a client from site A with a TGT from A
can ask for a cross realm TGT for B site and access to all SSOised
application to B.
But suppose that a user from site A go to site B. How can he
authentificate on a machine from site B (linux/windows computers using
kdc B authentification)?
does cross realm permit such things? Or should this user have an
account on site B to?
Thank's for your help
Regards,
Hubert
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
