I want to design my own micro services framework - API lifecycle mgmt, service discovery and security. Authentication surely must be encryption based but how do we go about federating across two Kerberos realms?

  • 183
  • 1
  • 5

1 Answers1


Direct from the docs regarding Cross-realm Authentication

In order for a KDC in one realm to authenticate Kerberos users in a different realm, it must share a key with the KDC in the other realm. In both databases, there must be krbtgt service principals for realms. These principals should all have the same passwords, key version numbers, and encryption types.

Ryan Bolger
  • 16,472
  • 3
  • 40
  • 59