If you want to provide separate mappings of hosts to domains, then you will have to provide domain to realm mappings for each individual machine name
Sam Hartman wrote: >>>>>>"Inger," == Inger, Slav (S B ) <[EMAIL PROTECTED]> writes: > > > Inger,> Final question for today: is it explicitly disallowed for > Inger,> separate realms to map to a single DNS domain in > Inger,> [domain_realm] section? We have a situation where users > Inger,> belonging to separate realms are in the same DNS domain > Inger,> and cross-realm authentication for these users is a must. > Inger,> When I tested this, Kerberos would get confused and deny > Inger,> cross-realm authentication requests. Just making sure I > Inger,> wasn't missing anything when I tried it. If this is > Inger,> currently not an option, some thought needs to be given to > Inger,> scalability issues Kerberos faces in large heterogenous > Inger,> environments. > > domain_realms maps domains to realms. IT's a mapping. That means it > is a a function taking domains as input and giving realms as output. > One property of functions and mappings is that they have one value for > any given input. > > Meaning that yes it is disallowed for one domain to map to multiple > realms, and this restriction is not a restriction in the code but more > a fundamental property of the problem being solved. > ________________________________________________ > Kerberos mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
