e70965 wrote: > > Hi, > > I have Domain_A and Daomain_B (Both are Win2003 Servers).I have made two-way > trust between Both AD servers. > I want to do Kerberos authentication from machine which is joined to > Domain_A using Domain_B user's account. > > In this case Suppose my client (in Daomin_A) do not have the access to > domain_B. Authentication process can be done via Domain_A Server to > Domain_B Server (I mean getting TGT/TGS).
No. The Domain servers (KDC) don't communicate directly. The client libs request tickets from the user's KDC in Domain_B, for a TGT. That TGT is used against Domain_B to get a second TGT usable at Domain_A. (It is encrypted in the shared secret you setup with the trust.) The second TGT is then used against Domain_A to get service tickets for services in Domain_A. > > Please help me, if any one knows about this. > > Regards, > Eswar S > > **************************************************************************** > *********** > This e-mail and attachments contain confidential information from HUAWEI, > which is intended only for the person or entity whose address is listed > above. Any use of the information contained herein in any way (including, > but not limited to, total or partial disclosure, reproduction, or > dissemination) by persons other than the intended recipient's) is > prohibited. If you receive this e-mail in error, please notify the sender by > phone or email immediately and delete it! > > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos