Hello,

MIT krb5 features a "CApath" setting through which an external party can help to find a path to realms that are not locally configured / crossed-over. Does Windows AD/DC have a similar feature, and how is it set up?
For MIT krb5 I believe it's not possible to relay anything unknown through CApath (but an option may be the . realm) -- but would this work on AD/DC? With this, crossover based on DNSSEC/DANE could be implemented in a component external to the binaries of AD/DC, making the chances of acceptance quite a bit higher.

Thanks,
-Rick
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos