Re: cross-realm in heimdal?
Leif Johansson <leifj@matematik.su.se> writes:
> Does it work and if so how does one go about it?
It worked the last time I tried it. :-) If you want to use simple
two-way cross realm authentication, you just add two keys (krbtgt/A@B
and krbtgt/B@A) to the databases. Both principals should have the same
key in both databases, but they don't have to have the same key (that
is krbtgt/A@B doesn't have to have the same key as krbtgt/B@A), unless
you want to support cross-realm Kerberos 4.
There is no support for hierarchical realms yet (shouldn't be too
difficult to add), but you can fake this with (possibly many) capaths,
like this:
[libdefaults]
	default_realm = C.B.A
	capath = {
		D.B.A = B.A
		E.B.A = B.A
	}
and then just share a key with B.A.
/Johan
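
Added example, not part of the message above and not Heimdal code: a small audit that lists which krbtgt principals each pair of realms on the path must share and flags a principal that is missing or whose key differs between the two databases. It assumes each capath entry means "destination realm = realm to go through"; the function names are hypothetical and the key labels and database contents are constructed.

```python
# Added example: realm names come from the post; key labels are constructed.
CAPATH = {"D.B.A": "B.A", "E.B.A": "B.A"}  # destination realm -> realm to go through (assumed reading)

def realm_path(client, target, capath):
    """Realms traversed from client to target (at most one intermediate hop)."""
    if client == target:
        return [client]
    via = capath.get(target)
    if via is None or via in (client, target):
        return [client, target]
    return [client, via, target]

def cross_realm_principals(path, two_way=True):
    """(principal, realm, realm) triples: what each adjacent realm pair must share."""
    needed = []
    for src, dst in zip(path, path[1:]):
        needed.append((f"krbtgt/{dst}@{src}", src, dst))
        if two_way:
            needed.append((f"krbtgt/{src}@{dst}", src, dst))
    return needed

def audit(path, databases, two_way=True):
    """Problems found: principal missing from a database, or keys that differ."""
    problems = []
    for princ, a, b in cross_realm_principals(path, two_way):
        keys = {realm: databases.get(realm, {}).get(princ) for realm in (a, b)}
        for realm, key in keys.items():
            if key is None:
                problems.append(f"{princ}: missing in {realm}")
        if None not in keys.values() and keys[a] != keys[b]:
            problems.append(f"{princ}: key differs between {a} and {b}")
    return problems

# Constructed sample databases: realm -> {principal: key label}
DATABASES = {
    "C.B.A": {"krbtgt/B.A@C.B.A": "k1", "krbtgt/C.B.A@B.A": "k2"},
    "B.A": {"krbtgt/B.A@C.B.A": "k1", "krbtgt/C.B.A@B.A": "k2-stale",
            "krbtgt/D.B.A@B.A": "k3", "krbtgt/B.A@D.B.A": "k4"},
    "D.B.A": {"krbtgt/D.B.A@B.A": "k3"},
}

if __name__ == "__main__":
    path = realm_path("C.B.A", "D.B.A", CAPATH)
    print(" -> ".join(path))
    for line in audit(path, DATABASES):
        print(line)
```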