[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cross realm authentication details

On Apr 30, 2006, at 5:31 , Jacob Yocom-Piatt wrote:

> i have tried doing this by adding 2 principals, krbtgt/REALM. 
> 1@REALM.2 and
> krbtgt/REALM.2@REALM.1, to my KDC via the kadmin interface using
> add --random-key krbtgt/REALM.1@REALM.2
> add --random-key krbtgt/REALM.2@REALM.1

I don't think that's going to work:  the principals need to have the  
same key, whereas --random-key will generate a distinct (hopefully)  
random key for each one.

brandon s. allbery     [linux,solaris,freebsd,perl]       
system administrator  [openafs,heimdal,too many hats]   
electrical and computer engineering, carnegie mellon university