directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <>
Subject Re: Kerby Update
Date Fri, 03 Nov 2017 11:03:41 GMT
Hi Jiajia,

I've been trying to get this new feature working, but unsuccessfully so far
- I get an error:

2017-11-03 10:58:41  INFO{}-Send to kdc
2017-11-03 10:58:41  INFO{}-KDC server response with
message: Unknown error
2017-11-03 10:58:41  INFO{}-Unknown error

Could you clarify a few points for me please...

a) What information is required in the krb5.conf of the tool-dist?
b) Could you give an example (using the A.EXAMPLE.COM + B.EXAMPLE.COM
realms) for the "Validate" section of the docs (
It's a little unclear as to how exactly it should be used.


On Mon, Oct 23, 2017 at 2:22 AM, Li, Jiajia <> wrote:

> Hi all,
> Recently we have implemented the cross-realm authentication support, KDC
> in one realm can authenticate users in a different realm, so it allows
> client from another realm to access the cluster. Cross-realm authentication
> is accomplished by sharing a secret key between the two realms. In both
> backends should have the krbtgt service principals for realms with same
> passwords, key version numbers, and encryption types. We have used this
> feature in Hadoop cluster, after establishing cross realm trust between two
> secure Hadoop clusters with their own realms, copying data between two
> secure clusters can work now. And this support also can be used to build
> trust relationship with MIT Kerberos KDC and we have tested compatibility.
> Here is the document about setting up cross realm:
> Thanks,
> Jiajia

Colm O hEigeartaigh

Talend Community Coder

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message