Skip to main content
NetApp Knowledgebase

What does the kerberos.check_transited_list.enable option do?

Views:
49
Visibility:
Public
Votes:
0
Category:
data-ontap-8
Specialty:
cifs
Last Updated:

Applies to

  • Data ONTAP 8 7-mode
  • CIFS/SMB
  • Kerberos

Answer

  • This option allows support for cross-realm transitive trusts
  • Allows for verification of the Transited List
    • Contains a list of transited domains
    • Allows authentication if a transited domain is trusted by the current domain of the 7-mode CIFS Server
      • cifs domaininfo provides the current domain
      • The list of trusted domains must be obtained from the Active Directory Server

Additional Information

  • Transited Lists are not necessary if trust exists between all domains accessing the system
  • If checking the Transited List fails, the option may be disabled
    • kerberos.check_transited_list.enable off