At our site we have principals (user accounts) in a Windows 2000 AD domain, lets call this realm WIN.AD. I have configured Kerberos on my workstation and can get my krbtgt from the AD using my account--so far so good.
I have created a second realm for my servers, lets call this realm NOT.WIN.AD, where I have created "host", "telnet", and account principals. I can kinit and ktelnet between systems in the realm using the NOT.WIN.AD account principal ([EMAIL PROTECTED]). I would like to use the WIN.AD accounts to access the NOT.WIN.AD resources. Can I use mappings in the krb5.conf [capaths] section to accomplish this? I have already tried the following without success: [capaths] NOT.WIN.AD = { WIN.AD = . } WIN.AD = { WIN.AD = . } thanks, ...Mike ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos