[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kerberos
Subject:    Re :Re: issue : Setting up KDC in two different domains
From:       "sunil chandran" <sunilsushil () rediffmail ! com>
Date:       2007-12-28 13:22:49
Message-ID: 1198705997.S.4795.3892.f5mail50.rediffmail.com.old.1198848169.32248 () webmail ! rediffmail ! com
[Download RAW message or body]

Hello Edward,&nbsp;Thank you for your reply.I understood the concept from you.Now you \
tell that we can have two realm with only one KDC. i want to tell u that both domains \
are entirely different that is the root is not the same.so i want to ask you one more \
help.I want to get a keytab for co.yy domain . i will show you one example i did for \
getting keytab for the domain xx.com which already had KDC in it.ktpass -princ \
HTTP/sip99.xx.com@XX.COMXX.COM&nbsp;(this is the command i did for xx.com)now i want \
to know for a server sip99 in co.yy , what should i type to get a keytab.since you \
already told that i can give this domain in the krb5.conf file , please help me how \
can i a get a keytab for that domain which dont have a KDC?On Thu, 27 Dec 2007 \
10:18:53 +1300 (NZDT) edward@murrell.co.nz wroteHi.This is quite easy to do, in your \
DNS or krb5.conf, you need to specifythat the default realm for co.yy is the xx.com \
realm.For example, if you are using krb5.conf you would have somethi  ng like \
this;[domain_realm]xx.com = XX.COM.xx.com = XX.COMco.yy = XX.COM.co.yy = XX.COMThat's \
about it. :)Cheers,Edward&gt; Hello all,&gt;&gt; I have two domains (xx.com) and \
(co.yy) two differnt domains&gt; altogether.&gt; i have a KDC set up in (xx.com) . \
users are in xx.com domain.&gt;&gt; but my servers are in (co.yy) domain.&gt;&gt; i \
had set up a test scenario with a user and a server in domain (xx.com)&gt; since KDc \
was setup i got ticket and was able to authenticate well using&gt; kerberos.&gt;&gt; \
my issue is that all my production servers are in domain (co.yy) which&gt; doesnt \
have a KDC.&gt; i want to authencticate and use the server services in that \
domain.&gt; setting&gt; up KDC is not feasible in both domains for me.&gt;&gt; 1. is \
there any possibility or a way that i can use services from domain(&gt; co.yy) \
without a KDC set up there?&gt; 2. In other words, which REALM does the my \
server(co.yy) belong to?&gt; 3. how can i get a keytab for my server in domain(c  \
o.yy) which doesnt have&gt; a&gt; KDC ?&gt;&gt; please help me with these critical \
issues.&gt;&gt; Thanks in advance.&gt;&gt; Sunil&gt; \
________________________________________________&gt; Kerberos mailing list \
Kerberos@mit.edu&gt; \
https://mailman.mit.edu/mailman/listinfo/kerberos&gt;________________________________________________Kerberos \
mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos \
________________________________________________ Kerberos mailing list           \
Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos


[prev in list] [next in list] [prev in thread] [next in thread]