Hi, thaks for your answer Edward. My two KDC have distinct IP @ and port.
I have done a test with KINIT. When I run 'KINIT -A user_name' , the KINIT command build user_n...@msdemo<mailto:user_n...@msdemo> , MSDEMO is the default_realm setup in my krb5.conf. How could I obtain user_n...@msdemo2<mailto:user_n...@msdemo2> except by changing default_realm in krb5.conf ? Regards. Flavien. Date: Sat, 02 Jan 2010 15:10:56 +1300 From: Edward Murrell <edw...@murrell.co.nz> Subject: Re: Kerberos multi domain To: "kerberos@mit.edu" <kerberos@mit.edu> Message-ID: <1262398256.2052.29.ca...@boyle> Content-Type: text/plain; charset="UTF-8" As far as I know, MIT kerberos can run multiple KDC's from the same machine, but each realm needs to have it's own IP or set of ports. On Fri, 2010-01-01 at 13:19 +0100, BOUCHER, Flavien wrote: > Hi, > > I need to setup kerberos for six distinct domain, there is no trust > relationship between each domain. > When I setup one domain by one, it's working. > > After testing each domain one by one, I merge the keytab file, and change the > krb5.conf file: > > [libdefaults] > default_realm = MSDEMO > default_keytab_name = > FILE:C:\Kerberos\lcserver01.keytab<file:C:/Kerberos/lcserver01.keytab> > default_tkt_enctypes = rc4-hmac des-cbc-md5 > default_tgs_enctypes = rc4-hmac des-cbc-md5 > forwardable = true > renewable = true > noaddresses = true > clockskew = 300 > [realms] > MSDEMO = { > kdc = dc.msdemo.local:88 > default_domain = dc.msdemo.local > } > > MSDEMO2 = { > kdc = dc2.msdemo2.local:88 > default_domain = msdemo2.local > } > [domain_realm] > .msdemo.local = MSDEMO > .msdemo2.local = MSDEMO2 > > > When I merge the keytab of this two domains and change the krb5.conf, just > the authentication for MSDEMO is working. > When I change the krb5.conf, and enter default_realm = MSDEMO2, the > authentication is working for MSDEMO2. > > It's possible to make the authentication works for the both domain in the > same time ? > > Regards. > > Flavien. > > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos ____________________________________________________________ Flavien Boucher / Sogeti / Paris France Mob. : +33 (0) 6.07.72.60.67 www.sogeti.com<http://www.sogeti.com/> Email : flavien.a.bouc...@sogeti.com<mailto:flavien.a.bouc...@sogeti.com> 6-8 rue Duret / 75016 Paris Join the Collaborative Business Experience ____________________________________________________________ P Please consider the environment and do not print this email unless absolutely necessary. Sogeti encourages environmental awareness. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
