Kerberos Authorization Mechanism
I am currently running two KDC servers with cross realm authentication
setup between the two.
1st Server is in kerberos realm TEST.COM
2nd Server is in kerberos realm EXAMPLE.COM
TEST.COM trusts EXAMPLE.COM
Now, I need to design an authorization mechanism by which any administrator
in EXAMPLE.COM should not have admin rights in TEST.COM
Services in TEST.COM are ssh and Unix authentication.
creating ACLs in TEST.COM for authorization is not feasible and I do not
have this option. What are my other options to achieve this?