0

I want to do setup for kerberos cross realm service authentication using active directory. My question is that should I create a different domain (I read somewhere that realm is a domain) or should I create a different domain controller in same domain.

Currently I am testing with on realm: COLOR.COM KDC, AS and service are on same machine : COLOR.COLOR.COM

So can I create a new DC COLOR1.COLOR.COM and host the service. OR is it necessary to create a new domain (e.g NEWDOM.COM) for cross relam authentication?

prateek goyal
  • 1
  • 2
  • AD Domains by default will have a realm of them same name configured. Making another is unlike to achieve much beyond frustration. Why do you need another AD domain or an MIT realm? – 84104 Jul 16 '15 at 23:28
  • @84104: Thanks for reply. I want to test cross realm authentication. means my client user is on Realm1 and service is on Realm2. Now for client user on realm1, I want to access service on realm2. So for that should I create one more domain? – prateek goyal Jul 17 '15 at 04:28

0 Answers0