[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multiple tgt's


we're actually also "suffering" from this problem. Cross realm trust is
not an option at all in our environment. It's actually difficult and not
transparent for the users to get tickets for multiple realms.
Fortunately there are still other ways to get afs tokens for foreign
cells and hold them simultaneously.

On Sat, 2008-04-26 at 22:03 +0200, Harald Barth wrote:
> > krbtgt/REALM.COM@REALM.COM for bob@REALM.COM
> > krbtgt/REALM.NET@REALM.NET for bob@REALM.NET
> If we just pretend we have two krbtgt in one ticket cache, which one
> do you use to derive your service tickets from? If the two realms have
> cross trust, there are two ways and no way to choose which one.

How about a configuration option in /etc/krb5.conf?


| Andreas Haupt             | E-Mail: andreas.haupt@desy.de
|  DESY Zeuthen             | WWW:    http://www-zeuthen.desy.de/~ahaupt
|  Platanenallee 6          | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen          | Fax:    +49/33762/7-7216