Mapping domains to Kerberos realms

When a client attempts to access a service running on a particular server, it knows the name of the service (host) and the name of the server (for example, server01.example.com), but because more than one Kerberos realm may be deployed on your network, it must guess the name of the realm in which the service resides.

By default, the name of the realm is taken to be the DNS domain name of the server in uppercase letters.

Example domain name | Example Kerberos realm name |
---|---|
server01.example.org | EXAMPLE.ORG |
server01.example.com | EXAMPLE.COM |
server01.hq.example.com | HQ.EXAMPLE.COM |
In many configurations, this is sufficient, but in others, the derived realm
name might not be the name of a valid realm. In these cases, the mapping from the server's DNS
domain name to the name of its realm must be specified, as shown below.

For BlackBerry Access domain-to-realm mapping, you can record a list of comma-separated equivalencies in which the first mapping in the list is treated as the default domain mapping. It will be used if the user has left the domain field empty, as well as when the server requires NTLM or Kerberos authentication.

Another frequent use of this mapping is to equate a NetBIOS name that users might be familiar with to a Kerberos realm name that becomes more recognizable.
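
The default derivation and the need for an explicit mapping, as an added Python example (not BlackBerry code and not the BlackBerry Access configuration format). The host list, the set of deployed realms and the override table are constructed, and the rule that an override applies to a domain and its subdomains is an assumption.

```python
"""Added illustration: derive a Kerberos realm from a server's DNS name and
flag hosts whose derived realm is not a deployed realm."""


def default_realm(hostname):
    """Default rule from the page: the server's DNS domain, uppercased."""
    host = hostname.rstrip(".").lower()
    _, _, domain = host.partition(".")
    if not domain:
        raise ValueError(f"{hostname!r} has no DNS domain to derive a realm from")
    return domain.upper()


def resolve_realm(hostname, overrides):
    """Use the most specific matching override, else the default rule.

    Assumption: override keys are lowercase DNS domains and cover subdomains.
    """
    labels = hostname.rstrip(".").lower().split(".")
    # Walk from the most specific parent domain to the least specific one.
    for i in range(1, len(labels)):
        domain = ".".join(labels[i:])
        if domain in overrides:
            return overrides[domain]
    return default_realm(hostname)


def hosts_needing_mapping(hosts, valid_realms, overrides):
    """Return {host: resolved realm} for hosts that resolve to an invalid realm."""
    invalid = {}
    for host in hosts:
        realm = resolve_realm(host, overrides)
        if realm not in valid_realms:
            invalid[host] = realm
    return invalid


# Constructed sample data: only two realms are assumed to be deployed.
VALID_REALMS = {"EXAMPLE.COM", "EXAMPLE.ORG"}
HOSTS = ["server01.example.org", "server01.example.com", "server01.hq.example.com"]
OVERRIDES = {"hq.example.com": "EXAMPLE.COM"}  # hypothetical mapping entry

if __name__ == "__main__":
    print("without mapping:", hosts_needing_mapping(HOSTS, VALID_REALMS, {}))
    print("with mapping:   ", hosts_needing_mapping(HOSTS, VALID_REALMS, OVERRIDES))
```

Running the audit with an empty override table lists every server whose default-derived realm does not exist, which is the set of domains that need a mapping entry.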