[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: multiple tgt's

To: heimdal-discuss@sics.se
Subject: Re: multiple tgt's
From: Andreas Haupt <andreas.haupt@desy.de>
Date: Mon, 28 Apr 2008 08:07:06 +0200
Cc: lists@erentil.net
In-Reply-To: <20080426.220330.121797103.haba@habanero.pdc.kth.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
Organization: DESY
References: <48129A6B.5010704@erentil.net> <20080426.220330.121797103.haba@habanero.pdc.kth.se>
Reply-To: heimdal-discuss@sics.se, Andreas Haupt <andreas.haupt@desy.de>

Hi,

we're actually also "suffering" from this problem. Cross realm trust is
not an option at all in our environment. It's actually difficult and not
transparent for the users to get tickets for multiple realms.
Fortunately there are still other ways to get afs tokens for foreign
cells and hold them simultaneously.

On Sat, 2008-04-26 at 22:03 +0200, Harald Barth wrote:
> > krbtgt/REALM.COM@REALM.COM for bob@REALM.COM
> > krbtgt/REALM.NET@REALM.NET for bob@REALM.NET
> 
> If we just pretend we have two krbtgt in one ticket cache, which one
> do you use to derive your service tickets from? If the two realms have
> cross trust, there are two ways and no way to choose which one.

How about a configuration option in /etc/krb5.conf?

Cheers,
Andreas

-- 
| Andreas Haupt             | E-Mail: andreas.haupt@desy.de
|  DESY Zeuthen             | WWW:    http://www-zeuthen.desy.de/~ahaupt
|  Platanenallee 6          | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen          | Fax:    +49/33762/7-7216

Follow-Ups:
- Re: multiple tgt's
  - From: Jon Wilson <lists@erentil.net>

References:
- multiple tgt's
  - From: Jon Wilson <lists@erentil.net>
- Re: multiple tgt's
  - From: Harald Barth <haba@kth.se>

Prev by Date: Re: Blackbox test for kpasswd
Next by Date: Re: multiple tgt's
Prev by thread: Re: multiple tgt's
Next by thread: Re: multiple tgt's
Index(es):
- Date
- Thread