On Fri, May 04, 2007 at 01:13:19PM -0500, Douglas E. Engert wrote: > > > David Bear wrote: > >I have been wondering about necessary inclusions in a krb5.conf file > >for use on a windows box that is ALSO joined and authenticating to AD. > > > >We have to kerb realms; an original MIT kerb5 realm, and a separate > >realm for AD. > > Are the realm names different? If so do they do cross realm?
yes, realm names are different. There is a cross realm trust -- (I don't know the details of that) > > If they ues the same realm name, that could be a problem. > Are user names and passwords synced between them? > If so consider just using AD for the KDCs. > > Our MIT realm is used to authentication users of afs. > >Our AD realm is used for ... things microsoft. > > Are you going to be at the AFS&Kerberos Best Practices next week? no -- but there will be asu representatives there I hope. -- David Bear phone: 602-496-0424 fax: 602-496-0955 College of Public Programs/ASU University Center Rm 622 411 N Central Phoenix, AZ 85007-0685 "Beware the IP portfolio, everyone will be suspect of trespassing" ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
