The change to vmdir/rpcserv.c allows "foreign domain" Kerberos principals
to be stored in vmdir. The idea is to always generate a DN which is under
the cn=users,dc=vsphere,dc=local (assuming vdcpromo was -d VSPHERE.LOCAL).
Example for a cross-realm object:
cn=krbtgt/LOCAL@FOREIGN,cn=users,dc=vsphere,dc=local.
The UPN will still be krbtgt/LOCAL@FOREIGN, and vmkdc will still be able
to find this object.
Backport work already functioning in project-lightwave for
cross-realm authentication to lotus/main.
cross-realm-install.sh is more relevant to deploying on photon, and probably
not much use in lotus/main.
The change to vmdir/rpcserv.c allows "foreign domain" Kerberos principals to be stored in vmdir. The idea is to always generate a DN which is under the cn=users,dc=vsphere,dc=local (assuming vdcpromo was -d VSPHERE.LOCAL). Example for a cross-realm object: cn=krbtgt/LOCAL@FOREIGN,cn=users,dc=vsphere,dc=local. The UPN will still be krbtgt/LOCAL@FOREIGN, and vmkdc will still be able to find this object.
Backport work already functioning in project-lightwave for cross-realm authentication to lotus/main.
cross-realm-install.sh is more relevant to deploying on photon, and probably not much use in lotus/main.