e70965 wrote:
> Hi,
> I have Domain_A and Daomain_B (Both are Win2003 Servers).I have made two-way
> trust between Both AD servers.
> I want to do Kerberos authentication from machine which is joined to
> Domain_A using Domain_B user's account.
> In this case Suppose my client (in Daomin_A) do not have the access to
> domain_B. Authentication process can be done via Domain_A Server to
> Domain_B Server (I mean getting TGT/TGS).

No. The Domain servers (KDC) don't communicate directly. The client
libs request tickets from the user's KDC in Domain_B, for a TGT. That
TGT is used against Domain_B to get a second TGT usable at Domain_A.
(It is encrypted in the shared secret you setup with the trust.)
The second TGT is then used against Domain_A to get service tickets for
services in Domain_A.

> Please help me, if any one knows about this.
> Regards,
> Eswar S
> ************************************************** **************************
> ***********
> This e-mail and attachments contain confidential information from HUAWEI,
> which is intended only for the person or entity whose address is listed
> above. Any use of the information contained herein in any way (including,
> but not limited to, total or partial disclosure, reproduction, or
> dissemination) by persons other than the intended recipient's) is
> prohibited. If you receive this e-mail in error, please notify the sender by
> phone or email immediately and delete it!
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444