request a keytab from KDC in other domain
i am Sunil C. i have a domain named xx.com which has a KDC.
i also have a domain co.yy where my server is. there is no KDC in it.
users are in xx.com domain.
but my servers are in (co.yy) domain.
i had set up a test scenario with a user and a server in domain (xx.com)
since KDc was setup i got ticket and was able to authenticate well using
my issue is that all my production servers are in domain (co.yy) which
doesnt have a KDC. i want to authenticate and use the server services in
setting up KDC is not feasible in both domains for me.
now i have done some configuration in krb5.conf file on my server
xx.com = XX.COM
..xx.com = XX.COM
co.yy = XX.COM
..co.yy = XX.COM
this shows that my domain co.yy which doesnnot have a KDC , i have mapped it
to the realm XX.COM .
now i have some issues.
1) how can i get a keytab from the KDC of XX.COM ( my server in co.yy)
is this command correct ?[color=blue]
> ktpass -princ HTTP/test.co.yy@XX.COM[/color]
2) can i get a keytab with that command
3) i have heard of CNAME.
can i create a CNAME for my server like denver.xx.com CNAME test.co.yy ?
if thats possible i can request a keytab like this[color=blue]
> ktpass -princ HTTP/denver.xx.com@XX.COM[/color]
then will it relate to the real host name> test.co.yy
please help me with my questions .
View this message in context: [url]http://www.nabble.com/Issue-with-KDC-tp14370277p14714285.html[/url]
Sent from the Kerberos - General mailing list archive at Nabble.com.