Hello Kerberos Gurus,
I am giving a pretty lengthy presentation on Sun Kerberos next week and I want to make sure I have the correct understanding of how cross-realm authentication works.
Domain1: EXAMPLE.COM
Domain2: EXAMPLE1.COM
1) The user [EMAIL PROTECTED] wants to telnet to host/[EMAIL PROTECTED] using cross-realm authentication.
2) Both KDCs, host/[EMAIL PROTECTED] and host/[EMAIL PROTECTED], create the krbtgt/[EMAIL PROTECTED] principal (and vice-versa) in a direct cross-realm trust.
3) The user [EMAIL PROTECTED] issues the following command:
bar.example.com$ telnet -a -f -x foo.example1.com
4) From here, host/bar.example.com contacts the KDC for EXAMPLE.COM looking for a cross-realm trust of host/foo.example1.com. Since there is a principal for host/kdc.example1.com, host/kdc.example.com issues a cross-realm service ticket for host/bar.example.com. The host/bar.example.com then contacts host/foo.example1.com with a service ticket presented from host/kdc.example.com and authenticates.
This is where I am a little confused about how exactly the trust relationship plays out. To what degree do the two KDCs communicate this trust relationship in this specific scenario? What is the order of conversation? I am looking for some help with step 4, and I would appreciate it if someone could set me straight.
Thanks,
Darren
________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
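As an added illustration (not part of Darren's post, and not Sun's or MIT's code), the following Python models the message order of the RFC 4120 cross-realm exchange for the two realms named in the post, using a constructed client principal `user@EXAMPLE.COM` and made-up keys. The client first obtains its local TGT, asks its own KDC for the cross-realm TGT `krbtgt/EXAMPLE1.COM@EXAMPLE.COM`, presents that to the EXAMPLE1.COM KDC to get a ticket for `host/foo.example1.com@EXAMPLE1.COM`, and finally hands that ticket to the host in an AP-REQ. The two KDCs never contact each other; the only thing they share is the `krbtgt/EXAMPLE1.COM@EXAMPLE.COM` key. Ticket encryption is replaced by an HMAC tag so that a KDC or service can accept a ticket only if it holds the key the ticket was issued under; everything else about real Kerberos (timestamps, session keys, authenticators, capaths) is left out.

```python
"""Constructed model of the Kerberos V5 cross-realm exchange (RFC 4120 sec. 3.3).
Only the message order is modelled: ticket 'encryption' is an HMAC tag, so a
KDC or service accepts a ticket only if it holds the key it was sealed under.
Not real Kerberos code; principals other than the realm names are made up."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def realm_of(principal: str) -> str:
    return principal.rsplit("@", 1)[1]


def tgt_target_realm(tgt_name: str) -> str:
    # krbtgt/<realm whose KDC accepts it>@<realm that issued it>
    return tgt_name.split("/", 1)[1].split("@", 1)[0]


@dataclass(frozen=True)
class Ticket:
    sname: str        # service principal, e.g. "krbtgt/EXAMPLE1.COM@EXAMPLE.COM"
    cname: str        # client principal the ticket vouches for
    transited: tuple  # intermediate realms crossed (RFC 4120 'transited' field)
    tag: bytes        # stand-in for encryption under sname's long-term key


def _body(sname: str, cname: str, transited: tuple) -> bytes:
    return f"{sname}|{cname}|{','.join(transited)}".encode()


def seal(sname: str, cname: str, transited: tuple, key: bytes) -> Ticket:
    tag = hmac.new(key, _body(sname, cname, transited), hashlib.sha256).digest()
    return Ticket(sname, cname, tuple(transited), tag)


def opens(ticket: Ticket, key: bytes) -> bool:
    expect = hmac.new(key, _body(ticket.sname, ticket.cname, ticket.transited),
                      hashlib.sha256).digest()
    return hmac.compare_digest(ticket.tag, expect)


class KDC:
    def __init__(self, realm: str):
        self.realm = realm
        self.keys = {f"krbtgt/{realm}@{realm}": secrets.token_bytes(32)}
        self.requests = []  # every message this KDC received, in order

    def add_principal(self, name: str, key: bytes = None) -> bytes:
        self.keys[name] = key if key is not None else secrets.token_bytes(32)
        return self.keys[name]

    def as_exchange(self, cname: str) -> Ticket:
        """AS-REQ/AS-REP: issue the client's local TGT (password check omitted)."""
        self.requests.append(f"AS-REQ from {cname}")
        tgt_name = f"krbtgt/{self.realm}@{self.realm}"
        return seal(tgt_name, cname, (), self.keys[tgt_name])

    def tgs_exchange(self, tgt: Ticket, sname: str) -> Ticket:
        """TGS-REQ/TGS-REP: accept a TGT we can decrypt, issue a ticket for sname."""
        self.requests.append(f"TGS-REQ from {tgt.cname} with {tgt.sname} for {sname}")
        key = self.keys.get(tgt.sname)  # local TGT key or the shared cross-realm key
        if key is None or not opens(tgt, key) or tgt_target_realm(tgt.sname) != self.realm:
            raise PermissionError(f"{self.realm}: cannot decrypt TGT {tgt.sname}")
        if sname not in self.keys:
            raise LookupError(f"{self.realm}: unknown principal {sname}")
        transited = tgt.transited
        issuer = realm_of(tgt.sname)
        if issuer != realm_of(tgt.cname):  # TGT came via an intermediate realm
            transited = transited + (issuer,)
        return seal(sname, tgt.cname, transited, self.keys[sname])


def get_service_ticket(kdcs: dict, cname: str, sname: str):
    """Client-side walk for a direct trust: the client drives every message."""
    trace = []
    crealm, srealm = realm_of(cname), realm_of(sname)
    tgt = kdcs[crealm].as_exchange(cname)
    trace.append((crealm, tgt.sname))
    if crealm != srealm:
        tgt = kdcs[crealm].tgs_exchange(tgt, f"krbtgt/{srealm}@{crealm}")
        trace.append((crealm, tgt.sname))
    ticket = kdcs[srealm].tgs_exchange(tgt, sname)
    trace.append((srealm, ticket.sname))
    return ticket, trace


def service_accepts(ticket: Ticket, service_key: bytes, sname: str) -> bool:
    """AP-REQ at the application host: only its own keytab key is needed."""
    return ticket.sname == sname and opens(ticket, service_key)


def build_realms(with_trust: bool = True):
    a, b = KDC("EXAMPLE.COM"), KDC("EXAMPLE1.COM")
    a.add_principal("user@EXAMPLE.COM")  # constructed client principal
    host_key = b.add_principal("host/foo.example1.com@EXAMPLE1.COM")
    # Direct trust = the same key stored under the same name in both KDCs.
    shared = a.add_principal("krbtgt/EXAMPLE1.COM@EXAMPLE.COM")
    if with_trust:
        b.add_principal("krbtgt/EXAMPLE1.COM@EXAMPLE.COM", shared)
    return {a.realm: a, b.realm: b}, host_key


if __name__ == "__main__":
    kdcs, host_key = build_realms()
    tkt, trace = get_service_ticket(kdcs, "user@EXAMPLE.COM",
                                    "host/foo.example1.com@EXAMPLE1.COM")
    for realm, issued in trace:
        print(f"{realm} KDC issued {issued}")
    print("host accepts:", service_accepts(tkt, host_key, tkt.sname))
```

Each KDC's `requests` list shows that every message came from the client; the EXAMPLE.COM KDC sees two requests and the EXAMPLE1.COM KDC one, and neither ever calls the other. Running `build_realms(with_trust=False)` removes the shared key from the EXAMPLE1.COM KDC, and the second TGS-REQ is then rejected because the cross-realm TGT cannot be decrypted, which is the failure a missing or mismatched `krbtgt/EXAMPLE1.COM@EXAMPLE.COM` entry produces. For a chained (hierarchical) path the intermediate realms would accumulate in `transited`; the model records them but, unlike a real KDC, applies no transit policy.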
