Hi,
I am currently running two KDC servers with cross realm authentication
setup between the two.
1st Server is in kerberos realm TEST.COM
2nd Server is in kerberos realm EXAMPLE.COM

TEST.COM trusts EXAMPLE.COM

Now, I need to design an authorization mechanism by which any administrator
in EXAMPLE.COM should not have admin rights in TEST.COM

Services in TEST.COM are ssh and Unix authentication.

creating ACLs in TEST.COM for authorization is not feasible and I do not
have this option. What are my other options to achieve this?

Regards
Vibhuti Sinha