[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re :Re: issue : Setting up KDC in two different domains
From: "sunil chandran" <sunilsushil () rediffmail ! com>
Date: 2007-12-28 13:22:49
Message-ID: 1198705997.S.4795.3892.f5mail50.rediffmail.com.old.1198848169.32248 () webmail ! rediffmail ! com
[Download RAW message or body]
Hello Edward, Thank you for your reply.I understood the concept from you.Now you \
tell that we can have two realm with only one KDC. i want to tell u that both domains \
are entirely different that is the root is not the same.so i want to ask you one more \
help.I want to get a keytab for co.yy domain . i will show you one example i did for \
getting keytab for the domain xx.com which already had KDC in it.ktpass -princ \
HTTP/sip99.xx.com@XX.COMXX.COM (this is the command i did for xx.com)now i want \
to know for a server sip99 in co.yy , what should i type to get a keytab.since you \
already told that i can give this domain in the krb5.conf file , please help me how \
can i a get a keytab for that domain which dont have a KDC?On Thu, 27 Dec 2007 \
10:18:53 +1300 (NZDT) edward@murrell.co.nz wroteHi.This is quite easy to do, in your \
DNS or krb5.conf, you need to specifythat the default realm for co.yy is the xx.com \
realm.For example, if you are using krb5.conf you would have somethi ng like \
this;[domain_realm]xx.com = XX.COM.xx.com = XX.COMco.yy = XX.COM.co.yy = XX.COMThat's \
about it. :)Cheers,Edward> Hello all,>> I have two domains (xx.com) and \
(co.yy) two differnt domains> altogether.> i have a KDC set up in (xx.com) . \
users are in xx.com domain.>> but my servers are in (co.yy) domain.>> i \
had set up a test scenario with a user and a server in domain (xx.com)> since KDc \
was setup i got ticket and was able to authenticate well using> kerberos.>> \
my issue is that all my production servers are in domain (co.yy) which> doesnt \
have a KDC.> i want to authencticate and use the server services in that \
domain.> setting> up KDC is not feasible in both domains for me.>> 1. is \
there any possibility or a way that i can use services from domain(> co.yy) \
without a KDC set up there?> 2. In other words, which REALM does the my \
server(co.yy) belong to?> 3. how can i get a keytab for my server in domain(c \
o.yy) which doesnt have> a> KDC ?>> please help me with these critical \
issues.>> Thanks in advance.>> Sunil> \
________________________________________________> Kerberos mailing list \
Kerberos@mit.edu> \
https://mailman.mit.edu/mailman/listinfo/kerberos>________________________________________________Kerberos \
mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos \
________________________________________________ Kerberos mailing list \
Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic