Cross-Realm Admins

2016-12-19 Thread Kemper, Stephan
Hi all, We’re trying to roll out a multi-tenant Kerberos realm service here at ViaSat. We have a root realm (something like VIASAT.COM) that has principals for all the users, and then a series of sub-realms (A.VIASAT.COM, B.VIASAT.COM, etc.) that have one-way trust relationships with the root.

Re: Cross-Realm Admins

2016-12-20 Thread Kemper, Stephan
Hi Greg, OK, that’s what I was afraid of. It’ll make things a bit trickier, but I think we’ve identified a way to manage that. Thanks for the information! Stephan Kemper ViaSat, Inc. On 12/19/16, 8:54 PM, "Greg Hudson" wrote: On 12/19/2016 03:50 PM, Kemper, Stephan wrote:

Cross-realm Trust Principals with LDAP

2017-01-22 Thread Kemper, Stephan
Hello again! Based on my previous question (“Cross-Realm Admins” from last month) we’re now using a model with separate admin principals per realm, and a large keyring of keytab files. This seems to be working *mostly* fine. Where we run into issues is with creating the cross-realm trusts, spe

Re: Cross-realm Trust Principals with LDAP

2017-01-22 Thread Kemper, Stephan
, because otherwise the interface wouldn’t be uniform. Stephan Kemper ViaSat, Inc. On 1/22/17, 12:42 PM, "Kemper, Stephan" wrote: Hello again! Based on my previous question (“Cross-Realm Admins” from last month) we’re now using a model with separate admin principals per re

Re: Cross-realm Trust Principals with LDAP

2017-01-23 Thread Kemper, Stephan
Engineering ViaSat, Inc. On 1/23/17, 7:44 AM, "Greg Hudson" wrote: On 01/22/2017 07:11 PM, Kemper, Stephan wrote: > Sorry for the spam, but after continuing to investigate, it looks like this database shortcut only works for vertical trusts. A krbtgt/a.viasat...@b.viasat.io p