- Newsgroups: comp.protocols.kerberos
- Path: sparky!uunet!scifi!acheron!philabs!linus!agate!stanford.edu!ATHENA.MIT.EDU!warlord
- From: warlord@ATHENA.MIT.EDU (Derek Atkins)
- Subject: Re: What's the use of .klogin ?? (Conclusion)
- Message-ID: <9301281635.AA29212@steve-dallas.MIT.EDU>
- Sender: news@shelby.stanford.edu (USENET News System)
- Organization: Internet-USENET Gateway at Stanford University
- Date: Thu, 28 Jan 1993 16:35:05 GMT
- Lines: 45
-
- Uhh, I'm sorry to say, but you are still a little confused about
- inter-realm authentication. Here is how it works:
-
- You have two realms, Realm1 and Realm2. You then create a shared key...
- In Realm1: krbtgt.Realm2@Realm1
- In Realm2: krbtgt.Realm1@Realm2
-
- Both of these should have the *SAME* password.
-
- Now, you have two hosts, one in each realm, host1 and host2. You create
- a key for each host *only* in the realm of the host:
- In Realm1: rcmd.host1@Realm1
- In Realm2: rcmd.host2@Realm2
-
- > 3) to connect:
- >
- > - go to host1
- > - run kinit (local realm)
- > - run rlogin host2 -k realm_of_host1 and there you are logged in to
- > host2 using your local authentication.
-
- The kinit part is fine. However, to rlogin, you just need to make sure
- that Realm2 is in krb.conf and host2 resolves to Realm2 in krb.realms.
- Now, all you need to do is:
- rlogin host2
-
- When you do this, you can then klist, and it should give you something
- that looks like:
-
- Ticket file: /tmp/tkt_foo
- Principal: foo@Realm1
-
-   Issued           Expires          Principal
- Jan 28 10:14:01  Jan 28 20:14:01  krbtgt.Realm1@Realm1
- Jan 28 10:17:39  Jan 28 18:17:39  krbtgt.Realm2@Realm1
- Jan 28 10:17:41  Jan 28 18:17:41  rcmd.host2@Realm2
-
- I hope this clears things up a little...
-
- Inter-realm authentication works fine. I use it all the time!
-
- -derek
-
- PGP 2 key available upon request, or via AFS:
- /afs/athena.mit.edu/user/w/a/warlord/pgp-pubkey.asc
-
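Added example, not part of the original post: a small checker that reads klist output like the listing in the message above and confirms the ticket path the post describes (local TGT, then the cross-realm TGT issued by the user's realm, then the service ticket issued by the host's realm). The function names `parse_klist` and `check_path` and the `YEAR` constant are assumptions made for this illustration.

```python
import re
from datetime import datetime

# klist output quoted in the post, used as sample input (Kerberos v4 format).
KLIST = """\
Ticket file: /tmp/tkt_foo
Principal: foo@Realm1

Issued Expires Principal
Jan 28 10:14:01 Jan 28 20:14:01 krbtgt.Realm1@Realm1
Jan 28 10:17:39 Jan 28 18:17:39 krbtgt.Realm2@Realm1
Jan 28 10:17:41 Jan 28 18:17:41 rcmd.host2@Realm2
"""
YEAR = "1993"  # assumption: klist prints no year; taken from the post's date
TS = r"(\w{3} +\d+ \d\d:\d\d:\d\d)"
ROW = re.compile(rf"^{TS} +{TS} +([^.@\s]+)\.([^@\s]+)@(\S+)$")

def parse_klist(text):
    """Return (user_realm, {(name, instance, realm): (issued, expires)})."""
    user_realm, tickets = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Principal:"):
            user_realm = line.rsplit("@", 1)[1]
        m = ROW.match(line)
        if m:
            issued, expires = (datetime.strptime(f"{YEAR} {t}", "%Y %b %d %H:%M:%S")
                               for t in m.group(1, 2))
            tickets[m.group(3, 4, 5)] = (issued, expires)
    return user_realm, tickets

def check_path(text, service, host, host_realm):
    """Return a list of problems with the ticket path to service.host@host_realm."""
    user_realm, tickets = parse_klist(text)
    # Local TGT first, then the cross-realm TGT if the host is in another realm.
    path = [("krbtgt", user_realm, user_realm)]
    if host_realm != user_realm:
        path.append(("krbtgt", host_realm, user_realm))
    path.append((service, host, host_realm))
    problems, prev = [], None
    for key in path:
        label = "%s.%s@%s" % key
        if key not in tickets:
            problems.append(f"missing ticket {label}")
            break
        issued, _ = tickets[key]
        # Each ticket is obtained with the previous one, so it must have been
        # issued inside the previous ticket's validity window.
        if prev and not (tickets[prev][0] <= issued <= tickets[prev][1]):
            problems.append(f"{label} issued outside validity of {'%s.%s@%s' % prev}")
        prev = key
    return problems

if __name__ == "__main__":
    print(check_path(KLIST, "rcmd", "host2", "Realm2") or "ticket path OK")
```

A "missing ticket krbtgt.Realm2@Realm1" result points at the shared inter-realm key or krb.conf; a missing rcmd ticket in the expected realm points at the host-to-realm mapping in krb.realms.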