[32995] in Kerberos
Re: some cross-realm trust questions
daemon@ATHENA.MIT.EDU (Brian Candler)
Mon Dec 27 15:37:45 2010
Date: Mon, 27 Dec 2010 20:37:33 +0000
From: Brian Candler <B.Candler@pobox.com>
To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
Message-ID: <20101227203733.GA2737@talktalkplc.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <if97mj$cv6$2@relay.tomsk.ru>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, Dec 27, 2010 at 05:20:19AM +0000, Victor Sudakov wrote:
> That's great, but at least at the initialization stage, how is a
> shared key for the corresponding krbtgt principals transferred between
> the two KDCs?
>
> The Windows "New Trust" wizard just asks for a password and never
> offers to export a keytab or anything.
That sounds OK to me - you should just be able to create the same principals
on the remote KDC using addprinc, which will also prompt you for a password.
Enter the same one.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
