Re: cosign with multiple kerberos realms

[Brett Lomas <b.lomas@xxxxxxxxxxxxxx>]

I don't believe it has.

Having said that most of the code will handle multiple realms already.
The only problem i could see with this how you handle an application
getting an incorrect kerberos ticket (in a realm it know nothing about).
e.g. a user chooses to authenticate to realm A and accesses web service
X which is part of realm B and get a kerberos ticket from the cosign
server for A. The possibly needs to be a mechanism for the webservers to
requests a ticket in a certain realm, and if not there get the user to
re-authenticate in that realm?? Unless you can build kerberos trust?
(not sure on this)

Brett

On Fri, 2005-03-11 at 08:47, Ben Poliakoff wrote:
> I haven't been able to find much info about how cosign might be able to
> work with multiple krb5 realms.
> 
> Googling about, I found a proposal:
> 
>     http://www.umich.edu/~umweb/software/cosign/media/proposal.rtf
> 
> ...that includes a bullet item:
> 
>     "User selects authentication type and Kerberos realm."
> 
> Has such functionality (login page featuring a drop down menu of
> realms) ever been implemented?
> 
> Ben