KERBEROS KdcNames realm kerberos multidomain multikdc

De wikili
Aller à la navigation Aller à la recherche

### Trust-Relationship-on-Windows-Server

https://zscaler.zendesk.com/hc/en-us/articles/204843759-Kerberos-Configuration-Example-Trust-Relationship-on-Windows-Server-2012-and-GPO-Push

`HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\KdcNames = kdc.otherrealm.com`

### Define host name-to-Kerberos realm mappings

https://getadmx.com/?Category=Windows_10_2016&Policy=Microsoft.Policies.Kerberos::HostToRealm

Registry Hive    HKEY_LOCAL_MACHINE

Registry Path    Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos

Value Name    domain_realm_Enabled

Value Type    REG_DWORD

Enabled Value    1

Disabled Value    0

Registry Hive    HKEY_LOCAL_MACHINE

Registry Path    Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\domain_realm

Value Name    {number}

Value Type    REG_SZ

Default Value    

Syntax:

Enter the Kerberos realm name as the Value Name.

Enter the host names and DNS suffixes, that you want to

map to the Kerberos realm, as the Value. To add multiple

names, separate entries with ";".

Note: To specify a DNS suffix prepend the entry with a '.' period.

For a host name entry do not specify a leading '.' period.

### Example:

Value Name: MICROSOFT.COM

Value: .microsoft.com; .ms.com; computer1.fabrikam.com;

In the example above. All principals with either the DNS suffix

of *.microsoft.com or *.ms.com will be mapped to the

MICROSOFT.COM Kerberos realm. In addition the host name

computer1.fabrikam.com will also be mapped to the

MICROSOFT.COM Kerberos realm.

Récupérée de « http://www.wikili.be/index.php?title=KERBEROS_KdcNames_realm_kerberos_multidomain_multikdc&oldid=230 »