You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by co...@apache.org on 2017/11/06 14:50:10 UTC

directory-kerby git commit: Updating Cross realm docs

Repository: directory-kerby
Updated Branches:
  refs/heads/trunk e9a66a60e -> 53671bcfe


Updating Cross realm docs


Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/53671bcf
Tree: http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/53671bcf
Diff: http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/53671bcf

Branch: refs/heads/trunk
Commit: 53671bcfef528a687fe885565addbe14ac71ee69
Parents: e9a66a6
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Nov 6 14:50:03 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Nov 6 14:50:03 2017 +0000

----------------------------------------------------------------------
 docs/cross-realm.md | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-kerby/blob/53671bcf/docs/cross-realm.md
----------------------------------------------------------------------
diff --git a/docs/cross-realm.md b/docs/cross-realm.md
index 9d68818..54e9999 100644
--- a/docs/cross-realm.md
+++ b/docs/cross-realm.md
@@ -32,6 +32,8 @@ KadminTool.local: addprinc -pw [same-password] krbtgt/B.EXAMPLE.COM@A.EXAMPLE.CO
 // Make sure that both principals have matching key version numbers and encryption types
 KadminTool.local: getprinc krbtgt/B.EXAMPLE.COM@A.EXAMPLE.COM
 ```
+Note that the same "krbtgt/B.EXAMPLE.COM@A.EXAMPLE.COM" principal (with the
+same password) must exist in both the A.EXAMPLE.COM and B.EXAMPLE.COM KDCs.
 
 ### Configure krb5.conf of realms
 
@@ -39,7 +41,8 @@ KadminTool.local: getprinc krbtgt/B.EXAMPLE.COM@A.EXAMPLE.COM
 
 * config capaths section, which contains the realm chain.
 
-An example of krb5.conf:
+An example of krb5.conf - this is required for both the A.EXAMPLE.COM and 
+B.EXAMPLE.com KDCs, as well as for the Tool dist below:
 ```
 [realms]
   A.EXAMPLE.COM = {
@@ -69,3 +72,9 @@ An example of krb5.conf:
 cd kerby-dist/tool-dist
 sh bin/kinit.sh -conf [client-conf-dir] -c [credential-cache-of-local-realm] -S [principal-name-of-remote-realm]
 ```
+Example:
+```
+cd kerby-dist/tool-dist
+sh bin/kinit.sh -conf [client-conf-dir] alice@A.EXAMPLE.COM
+sh bin/kinit.sh -conf [client-conf-dir] -c /tmp/krb5cc_1000 -S service@B.EXAMPLE.COM
+```