Hi all, I'm trying to set up cross-realm between a KDC in EXAMPLE.COM (containing my users) to a KDC in HADOOP.COM (containing my services).
I read from manuals (like the ones on https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-admin/capaths.html and https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sec-kerberos-crossrealm.html) that you have to do 2 things in order to achieve this:

(1) add a "trust" principal called krbtgt/hadoop....@example.com to both the KDCs.
(2) add a "capaths" section to the EXAMPLE.COM KDC like so:

    [capaths]
    HADOOP.COM = {
        EXAMPLE.COM = .
    }

However, in practice I found that my setup works even without step (2). I'm wondering if the "capaths" is deprecated or something? Or is it needed for setups that are more complicated in some way?

Thanks in advance!
Pratyush Parimal.

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
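
The [capaths] lookup from step (2), as an added example that is not part of the original post and not MIT Kerberos code: a small Python parser that reads the stanza the way the MIT krb5.conf documentation describes it (outer tag = client realm, subtag = server realm, value = an allowed intermediate realm, "." = the two realms share keys directly and no intermediates are allowed) and checks a ticket's transited realms against it. The DEV.EXAMPLE.COM entry, OTHER.COM and the function names are assumptions made for illustration.

```python
# Constructed sample: the [capaths] stanza from the post plus a hypothetical
# multi-hop entry (DEV.EXAMPLE.COM reaching HADOOP.COM through EXAMPLE.COM).
SAMPLE = """
[capaths]
HADOOP.COM = {
    EXAMPLE.COM = .
}
DEV.EXAMPLE.COM = {
    HADOOP.COM = EXAMPLE.COM
}
"""

def parse_capaths(text):
    """Return {client_realm: {server_realm: [allowed intermediate realms]}}."""
    paths, client, in_section = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("["):               # section header
            in_section = line.lower() == "[capaths]"
            continue
        if not in_section:
            continue
        if line == "}":                        # end of one client realm's block
            client = None
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if value == "{":                       # "CLIENT.REALM = {"
            client = key
            paths.setdefault(client, {})
        elif client is not None:               # "SERVER.REALM = hop" or "= ."
            hops = paths[client].setdefault(key, [])
            if value != ".":                   # "." adds no intermediate
                hops.append(value)
    return paths

def transited_ok(paths, client_realm, server_realm, transited):
    """True/False per capaths; None when capaths has no entry for the pair."""
    allowed = paths.get(client_realm, {}).get(server_realm)
    if allowed is None:
        return None
    return all(realm in allowed for realm in transited)

if __name__ == "__main__":
    paths = parse_capaths(SAMPLE)
    print(transited_ok(paths, "HADOOP.COM", "EXAMPLE.COM", []))
    print(transited_ok(paths, "EXAMPLE.COM", "HADOOP.COM", []))
```

With only the stanza from the post loaded, a lookup for clients in EXAMPLE.COM reaching services in HADOOP.COM finds no entry at all, and a ticket obtained over a direct trust carries an empty transited list, so there are no intermediate realms to check.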