Re: Mimicking AD's Kerberos Forest Search Order (KFSO) with MIT Kerberos

2017-03-15 Thread Greg Hudson
On 03/15/2017 11:39 AM, Osipov, Michael wrote:
> So there is basically no way to tell MIT Kerberos if your home realm is
> unable to route the request, it should try other realms, correct?

No; we have a fallback realm mechanism in the TGS client code, but it only tries one realm (determined by TXT

Re: Mimicking AD's Kerberos Forest Search Order (KFSO) with MIT Kerberos

2017-03-15 Thread Sean Elble
On Mar 15, 2017, at 10:56 AM, Osipov, Michael wrote:
>
> Both aren't an option:
>
> 1. TXT records are unknown to Windows and all host-to-realm mapping is
> performed by the domain controller by querying the global catalog

But you could still add TXT records to your

RE: Mimicking AD's Kerberos Forest Search Order (KFSO) with MIT Kerberos

2017-03-15 Thread Osipov, Michael
> On 03/15/2017 10:56 AM, Osipov, Michael wrote:
>> * The host-based service referrals mechanism also seems promising, and
>> you're certainly running a new enough version of Kerberos to accommodate
>> it. I have not personally used it (yet), but it maintains security
>> whereas the DNS

Re: Mimicking AD's Kerberos Forest Search Order (KFSO) with MIT Kerberos

2017-03-15 Thread Greg Hudson
On 03/15/2017 10:56 AM, Osipov, Michael wrote:
>> * The host-based service referrals mechanism also seems promising, and
>> you're certainly running a new enough version of Kerberos to accommodate
>> it. I have not personally used it (yet), but it maintains security
>> whereas the DNS lookup

RE: Mimicking AD's Kerberos Forest Search Order (KFSO) with MIT Kerberos

2017-03-15 Thread Osipov, Michael
> On Mar 15, 2017, at 8:15 AM, Osipov, Michael wrote:
>>
>> Hi folks,
>>
>> we are experiencing a problem with an insufficient Kerberos setup on Active Directory
>> side which can be solved on Windows-side with Kerberos Forest Search Order [1].
>> What

Re: Mimicking AD's Kerberos Forest Search Order (KFSO) with MIT Kerberos

2017-03-15 Thread Sean Elble
On Mar 15, 2017, at 8:15 AM, Osipov, Michael wrote:
>
> Hi folks,
>
> we are experiencing a problem with an insufficient Kerberos setup on Active Directory
> side which can be solved on Windows-side with Kerberos Forest Search Order [1].
> What Windows