[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Can Heimdal KDC issue cross-realm referral ?

In section 4.7 Referrals of Heimdal and Windows 2000 Kerberos --how to get them to play together paper, it is stated:
"We have added functionality for referrals to the HeimdalKDC that is sufficient for Windows clients"
What configurations need to be done on a Heimdal KDC to provide the support ?
I need a cross-realm referral support in the following scenario:
a win2k client authenticates to a heimdal kdc. The client then wants to access a computer in another realm (a win2k domain). Hence the win2k client sends a TGS_REQ to heimdal kdc with target name of the service in its own realm (I've just known that microsoft changed the mechanism !). Hence the client makes an assumption that the service is in its own realm until the KDC replies with a TGS_REP telling him that the service is in fact in another realm (hence giving a cross-realm referral).

La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit
- Guy de Maupassant -

Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.