cross-realm and connectivity between KDCs - Kerberos

This is a discussion on cross-realm and connectivity between KDCs - Kerberos ; Colleagues, If cross-realm authentication is configured between two realms, do the KDCs ever talk directly to each other, or do they talk only to the client? In other words, is IP connectivity necessary between the KDCs, or only between the ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: cross-realm and connectivity between KDCs

  1. cross-realm and connectivity between KDCs

    Colleagues,

    If cross-realm authentication is configured between two realms, do the
    KDCs ever talk directly to each other, or do they talk only to the client?

    In other words, is IP connectivity necessary between the KDCs, or only
    between the client and each of the KDCs?

    --
    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    2:5005/49@fidonet http://vas.tomsk.ru/

  2. Re: cross-realm and connectivity between KDCs

    >>>>> "VS" == Victor Sudakov writes:

    VS> Colleagues, If cross-realm authentication is configured between
    VS> two realms, do the KDCs ever talk directly to each other, or do
    VS> they talk only to the client?

    VS> In other words, is IP connectivity necessary between the KDCs, or
    VS> only between the client and each of the KDCs?

    The latter, so far as I know. A client obtains a TGT for the trusting
    realm from a KDC in the trusted one, and presents it to a trusting KDC.

    VS> -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49@fidonet
    VS> http://vas.tomsk.ru/

    --
    Richard Silverman
    res@qoxp.net


+ Reply to Thread