Chaining multiple AD/Kerberos

Question asked by loftux Moderator on Dec 11, 2008
Can you do chaining for multiple AD/Kerberos servers?
A client has 2 Active Directories that, for some reason, they cannot set up a trust between.
And they want single sign on for this as well.
Kerberos SSO is set up and working with one AD, now they want both and as said, they are not in a trust.

I guess it is possible to define multiple realms in java.login.config and set up the chaining context file for multiple AD, but for CIFS server and the Authentication Filter in web.xml, I can only specify one realm?

So is this solvable?

I noticed that NTLMv2 is now supported from v3 (client has turned off NTLMv1) - Where NTLMv2 is mentioned, maybe this is a better option, since I can specify multiple servers and route to correct server using domain mapping.