[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multiple tgt's




On Apr 25, 2008, at 22:58 , Jon Wilson wrote:

> Is there a way with kinit/pkinit to allow multiple tgt's at the  
> same time?
>
> ie, a klist would show:
>
> krbtgt/REALM.COM@REALM.COM for bob@REALM.COM
> krbtgt/REALM.NET@REALM.NET for bob@REALM.NET

In theory it could be done.  In practice, choosing which one to use  
can be nontrivial when e.g. doing crossrealm auth, so both Heimdal  
and MIT Kerberos punt and only support one TGT.

-- 
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH