Hello,

A customer has an AM 4.3.1. They are setting up Kerberos authentication with AM with multiple non-trusted AD domains.

We are following this Cool Solution: https://www.netiq.com/communities/co...ed-ad-domains/

A question about the Kerberos configuration is the following:

When configuring Kerberos in AM, you provide the Kerberos KDC. This is either an IP address or a DNS name. So, you can only provide 1 KDC. I would think that it is needed to somehow provide all the KDCs for all the domains that Kerberos will be configured for. Or am i wrong? The Cool Solution does not address this, but assumes that it will work, as long as the SPN is the same in all domains with the same password.

We have only configured Kerberos for 1 domain, but hopefully today we will have another domain on.

Have anyone tried this setup?

Thanks in advance,

Jacob.