(heimdal.info) Transit policy

 Transit policy
 ==============
 
 If you want to use cross realm authentication through an intermediate
 realm it must be explicitly allowed by either the KDCs or the server
 receiving the request. This is done in `krb5.conf' in the `[capaths]'
 section.
 
 When the ticket transits through a realm to another realm, the
 destination realm adds its peer to the "transited-realms" field in the
 ticket. The field is unordered, since there is no way to know if one
 of the transited realms changed the order of the list.
 
 The syntax for `[capaths]' section:
 
      [capaths]
              CLIENT-REALM = {
                      SERVER-REALM = PERMITTED-CROSS-REALMS ...
              }
 
 The realm `STACKEN.KTH.SE' allows clients from `SU.SE' and `DSV.SU.SE'
 to cross in. Since `STACKEN.KTH.SE' only has direct cross realm with
 `KTH.SE', and `DSV.SU.SE' only has direct cross realm with `SU.SE',
 they need to use both `SU.SE' and `KTH.SE' as transit realms.
 
      [capaths]
              SU.SE = {
                      STACKEN.KTH.SE = KTH.SE
              }
              DSV.SU.SE = {
                      STACKEN.KTH.SE = SU.SE KTH.SE
              }
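
 The check this policy implies, as an added example (not Heimdal's own
 code): a simplified `[capaths]' parser and a transit check that treats
 "transited-realms" as an unordered set. The function names are
 hypothetical, and it assumes a client/server pair with no entry permits
 no transit realms.

```python
import re

# Constructed sample: the [capaths] section from the example above.
SAMPLE_CONF = """
[capaths]
    SU.SE = {
        STACKEN.KTH.SE = KTH.SE
    }
    DSV.SU.SE = {
        STACKEN.KTH.SE = SU.SE KTH.SE
    }
"""

def parse_capaths(text):
    """Return {client_realm: {server_realm: set(permitted transit realms)}}."""
    capaths, section, client = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment line
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:                                   # new top-level section
            section, client = m.group(1), None
        elif section != "capaths":
            continue                            # ignore all other sections
        elif line == "}":
            client = None                       # end of a CLIENT-REALM block
        elif client is None:
            m = re.fullmatch(r"(\S+)\s*=\s*\{", line)
            if m:                               # CLIENT-REALM = {
                client = m.group(1)
                capaths.setdefault(client, {})
        else:                                   # SERVER-REALM = REALM ...
            server, _, realms = line.partition("=")
            capaths[client].setdefault(server.strip(), set()).update(realms.split())
    return capaths

def check_transited(capaths, client_realm, server_realm, transited):
    """Return the transited realms that are NOT permitted (empty set = accept).

    Order is ignored on purpose: the transited-realms field is unordered.
    Assumption: a missing client/server entry permits no transit realms.
    """
    permitted = capaths.get(client_realm, {}).get(server_realm, set())
    return set(transited) - permitted
```

 A non-empty result names the realms that would cause the ticket to be
 rejected, which is the value worth logging when diagnosing a failed
 cross realm request.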
 