directory-kerby mailing list archives

From "Li, Jiajia" <jiajia...@intel.com>
Subject RE: [Kerby] How to setup 1-way trust for cross-realm authentication between two KDC's ?
Date Thu, 15 Jun 2017 02:04:35 GMT
Hi Pratyush,

Kerby does not support cross-realm; this is one of the important missing features.

Thanks
Jiajia


-----Original Message-----
From: pratyush parimal [mailto:pratyush.parimal@gmail.com] 
Sent: Thursday, June 15, 2017 3:10 AM
To: kerby@directory.apache.org
Subject: [Kerby] How to setup 1-way trust for cross-realm authentication between two KDC's ?

Hi everyone,

I'm wondering if Kerby supports setting up 1-way trusts, similar to using the [capaths] directive
in MIT Kerberos.

For example, in MIT KDC, if I wanted to set up cross-realm auth between a source realm R1.COM
and destination realm R2.COM, I would have to add the following section to R1.COM's krb5.conf:

[capaths]
 R2.COM = {
  R1.COM = .
 }

, followed by adding the principal "krbtgt/R2.COM@R1.COM" with the same password to both the
KDCs.

Is it possible to achieve the same with Kerby? If so, I'd really appreciate it if someone
could point me to a Java example for setting up capaths in Kerby.

Cheers,
Pratyush
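
Added example, not part of the thread and not Kerby or MIT code: a small audit helper that reads a list of principal names and reports which cross-realm trusts they imply, so a setup meant to be 1-way can be checked for an unintended reverse key. The function names and the sample principal list are assumptions made for illustration; the realm names are the ones used in the question.

```python
import re
from collections import defaultdict

# krbtgt/SERVER@CLIENT: key shared by both KDCs, issued by the CLIENT realm.
KRBTGT = re.compile(r"^krbtgt/([^/@]+)@([^/@]+)$")

def trust_edges(principals):
    """Map each client realm to the realms its principals may enter.

    krbtgt/SERVER@CLIENT lets principals of CLIENT obtain service tickets
    in SERVER (SERVER trusts CLIENT). The local TGS principal krbtgt/R@R
    is not a trust and is skipped.
    """
    edges = defaultdict(set)
    for name in principals:
        m = KRBTGT.match(name)
        if m and m.group(1) != m.group(2):
            server, client = m.groups()
            edges[client].add(server)
    return edges

def reachable(edges, client_realm):
    """Realms a client could reach if every trust hop is permitted.

    Assumption: the KDCs allow the transit path; this is the upper bound.
    """
    seen, stack = set(), [client_realm]
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen and nxt != client_realm:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def two_way_pairs(edges):
    """Realm pairs holding keys in both directions (not a 1-way trust)."""
    return sorted({tuple(sorted((a, b))) for a in edges for b in edges[a]
                   if a in edges.get(b, ())})

# Constructed sample: principal names as they might be listed from a KDC.
SAMPLE = ["krbtgt/R1.COM@R1.COM", "krbtgt/R2.COM@R2.COM",
          "krbtgt/R2.COM@R1.COM", "alice@R1.COM"]

if __name__ == "__main__":
    e = trust_edges(SAMPLE)
    print("R1.COM clients reach:", reachable(e, "R1.COM"))
    print("R2.COM clients reach:", reachable(e, "R2.COM"))
    print("two-way pairs:", two_way_pairs(e))
```

With only krbtgt/R2.COM@R1.COM present, R1.COM principals can reach R2.COM and not the reverse; adding krbtgt/R1.COM@R2.COM would show up in `two_way_pairs`.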