0

I have multiple businesses that I would like to authenticate to a single server for SSO. I am using 389 Directory Server and have already split each domain into its own respective OU. I would like to use Kerberos for authentication, but can't seem to find any information on how to get Kerberos to handle multiple domains.

TriadicTech

1 Answer

0

Kerberos is a flat namespace. You will either:

a) establish a single domain at the base DN of your LDAP and place all accounts in a global shared realm

b) establish domains lower down the tree (i.e. at the "domain OU" level you have set up) and configure trust relationships between each of them.

If you can store the Kerberos principals in LDAP that could make management a bit easier. Was that the plan?

Andy
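Option (b) from the answer above, sketched as a client `krb5.conf` for two realms with a direct two-way trust. This is an added example, not part of the original answer; it assumes MIT Kerberos, and the realm names and hostnames are constructed placeholders.

```ini
# krb5.conf for hosts in either realm (constructed example, placeholder names)
[libdefaults]
    default_realm = BIZ-A.EXAMPLE
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    BIZ-A.EXAMPLE = {
        kdc = kdc.biz-a.example
        admin_server = kdc.biz-a.example
    }
    BIZ-B.EXAMPLE = {
        kdc = kdc.biz-b.example
        admin_server = kdc.biz-b.example
    }

[domain_realm]
    # Map DNS names to realms so a service's hostname selects the right realm.
    .biz-a.example = BIZ-A.EXAMPLE
    biz-a.example = BIZ-A.EXAMPLE
    .biz-b.example = BIZ-B.EXAMPLE
    biz-b.example = BIZ-B.EXAMPLE

[capaths]
    # "." means a direct trust with no intermediate realm on the path.
    BIZ-A.EXAMPLE = {
        BIZ-B.EXAMPLE = .
    }
    BIZ-B.EXAMPLE = {
        BIZ-A.EXAMPLE = .
    }

# The trust itself lives in the KDC databases, not in this file:
#   krbtgt/BIZ-B.EXAMPLE@BIZ-A.EXAMPLE  lets BIZ-A users get tickets for BIZ-B services
#   krbtgt/BIZ-A.EXAMPLE@BIZ-B.EXAMPLE  lets BIZ-B users get tickets for BIZ-A services
# Each principal must exist in BOTH realms' databases with the same key
# (same password, key version number and encryption types).
# Use a long random password for these principals, and create only one of
# the two if the trust should be one-way.
```

With option (a) only one `[realms]` entry is needed and the `[capaths]` section and cross-realm `krbtgt` principals disappear, at the cost of every business sharing one principal namespace.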