In an attempt to stop syncing passwords between Kerberos and AD and get to a single password store we are currently testing cross-realm with Active Directory trusting Kerberos. We have the trust configured and our Windows admin here says that he can successfully authenticate against our KDC from an AD-enabled Windows host but is required to specify the @realm in order to authenticate since our AD domain is different from our Kerberos realm.
Our Windows admin feels this is unworkable. I'm not really a Windows/AD expert but looking at the Windows ksetup command the /addhosttorealmmap and /addrealmflags options look promising. Has anyone had success with cross-realm and AD trusting Kerberos this way? Thanks... -- Leonard J. Peirce Western Michigan University Office of Information Technology Kalamazoo, MI 49008 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
