David Bear wrote: > I have been wondering about necessary inclusions in a krb5.conf file > for use on a windows box that is ALSO joined and authenticating to AD. > > We have to kerb realms; an original MIT kerb5 realm, and a separate > realm for AD.
Are the realm names different? If so do they do cross realm? If they ues the same realm name, that could be a problem. Are user names and passwords synced between them? If so consider just using AD for the KDCs. Our MIT realm is used to authentication users of afs. > Our AD realm is used for ... things microsoft. Are you going to be at the AFS&Kerberos Best Practices next week? > > Will KfW automagically handle obtaining tickets from the AD realm > without having anything entries in the krb5.conf file? > > I have entries for both realms currently and I consistently get an > error from the NetId Manager that it failed to get tickets for our AD > realm. However, when I look in the NetId Manager I do indeed see > various tickes from our AD realm. I'm thinking that perhaps the > additional entries in the krb5.con file are superflous. > > We do get tickets and afs tokens properly from our MIT realm which > makes afs happy. > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
