Final question for today: is it explicitly disallowed for separate realms
to map to a single DNS domain in [domain_realm] section? We have a
situation where users belonging to separate realms are in the same DNS
domain and cross-realm authentication for these users is a must. When I
tested this, Kerberos would get confused and deny cross-realm authentication
requests. Just making sure I wasn't missing anything when I tried it. If
this is currently not an option, some thought needs to be given to
scalability issues Kerberos faces in large heterogenous environments.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
