I agree Ken
I have a cross realm setup at my lab at my house and at my previous employer we had it
working as well.
It's pretty straight forward, but you do have to know your OS and how to configure AD
and Kerberos correctly as well as the Unix side.
However the How To Guides by Microsft are VERY GOOD, they spell out every
configuration, how and why.
mel
-----Original Message-----
From: Ken Hornstein [mailto:[EMAIL PROTECTED]
Sent: Fri 7/2/2004 9:47 AM
To: Rouiller Claude
Cc: Edu [EMAIL PROTECTED] ([EMAIL PROTECTED])
Subject: Re: Cross-Realm authentication
>Expert: "You can't put your SSO in production, because Kerberos cross realm
>authentication doesn't work!"
>Me: "Is it an issues in Microsoft Kerberos?"
>Expert: "No. The Kerberos protocol has been so poorly designed, that
>cross-realm authentication just doesn't work at all. Maybe Microsoft has
>implemented something proprietary to make it work, but it would not be
>standard!".
What a load of crap.
I personally work with a group of people (about 5000 users) which involve
20 sites, approximately 7-8 Kerberos realms, which make very heavy use
of cross-realm authentication in production, and it works just fine.
I also know of plenty of other sites that use cross-realm authentication
all of the time.
--Ken
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
