> I would like to use the WIN.AD accounts to access the NOT.WIN.AD resources.
> Can I use mappings in the krb5.conf [capaths] section to accomplish this?

If they are hierarchical, like NOT.WIN.AD and WIN.AD, I don't think you need any capaths; you just need to create the principal krbtgt/[EMAIL PROTECTED] with the same key in both KDCs. At least that seems to work for me:

pvtest> klist
Ticket cache: FILE:/var/dss/kerberos/tkt/v5_3ff97c17073ec9
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
01/15/04 08:29:39  01/15/04 18:29:37  krbtgt/[EMAIL PROTECTED]
01/15/04 08:45:02  01/15/04 18:29:37  krbtgt/[EMAIL PROTECTED]
01/15/04 08:45:13  01/15/04 18:29:37  host/[EMAIL PROTECTED]
01/15/04 12:53:45  01/15/04 18:29:37  host/[EMAIL PROTECTED]

________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
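
An added example, not part of the original post: a sketch of the default hierarchical realm walk used when no [capaths] entry applies, listing the cross-realm krbtgt principal each hop needs in both KDCs. The function names are hypothetical, and the principal names follow the standard krbtgt/TARGET@SOURCE convention rather than being recovered from the redacted text above.

```python
def hierarchical_path(client_realm, server_realm):
    """Realms traversed from client to server when no [capaths] applies:
    up from the client realm to the longest shared suffix, then down."""
    c = client_realm.upper().split(".")
    s = server_realm.upper().split(".")
    common = 0
    while common < min(len(c), len(s)) and c[-1 - common] == s[-1 - common]:
        common += 1
    if common == 0:
        # Choice made for this example: unrelated realms have no
        # hierarchical path, so a direct trust or [capaths] is required.
        raise ValueError("realms share no suffix; no hierarchical path")
    path = [".".join(c[i:]) for i in range(len(c) - common + 1)]
    path += [".".join(s[i:]) for i in range(len(s) - common - 1, -1, -1)]
    return path


def cross_realm_principals(path):
    """For each hop SRC -> DST, the principal krbtgt/DST@SRC must exist
    with the same key in the KDC databases of both SRC and DST."""
    return [
        (f"krbtgt/{dst}@{src}", (src, dst))
        for src, dst in zip(path, path[1:])
    ]


if __name__ == "__main__":
    # Realm names from the thread; the deeper pair is constructed.
    for client, server in [("WIN.AD", "NOT.WIN.AD"),
                           ("A.B.EXAMPLE.COM", "X.EXAMPLE.COM")]:
        path = hierarchical_path(client, server)
        print(" -> ".join(path))
        for principal, kdcs in cross_realm_principals(path):
            print(f"  {principal}  (same key in KDCs of {kdcs[0]} and {kdcs[1]})")
```

Each principal listed covers one direction only; access in the reverse direction needs the mirrored krbtgt principal as well.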