For the multi-realm setup with the Active Directory only you can look at
the samba winbindd.
It do the same thing as nss_ldap/pam_krb5 and also can be easily
configured on "DOMAIN+Username" user names.
regards,
Konstantin.
JK (Jesper Agerbo Krogh) wrote:
> Hi All.
>
> We have a setup with seve
JK (Jesper Agerbo Krogh) wrote:
> Hi All.
>
> We have a setup with several Active Directory domains that individually
> trusts
> each other. Each domain translates into each own Kerberos REALM as far
> as I'm understanding the systems.
Yes.
>
> But prinicipals are unique across the realms
You could try one of the commercial products such as VAS (Quest) or
DirectControl (Centrify). I believe they both have quite good support
for multiple domains.
-- Luke
--
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mai
Hi All.
We have a setup with several Active Directory domains that individually
trusts
each other. Each domain translates into each own Kerberos REALM as far
as I'm understanding the systems.
But prinicipals are unique across the realms. Thus if [EMAIL PROTECTED] exixts,
then
It doesn't exist
