Cross domain/realm authentication

Here is my problem: I can't find any document on cross domain authentication with java+kerberos. I have to authenticate against distant LDAP on other realm. How can we do that in java?

Thank you

EDIT:

Here is my krb5.conf:

[libdefaults]

default_realm = REALM1

dns_lookup_realm = false

dns_lookup_kdc = false

forwardable = true

[realms]

REALM1 = {

kdc = kerberos.my.url.domain1:88

admin_server = kerberos.my.url.domain1:749

default_domain = .开发者_高级运维

}

REALM2 = {

kdc = kerberos.my.url.domain2:88

admin_server = kerberos.my.url.domain2:749

}

[domain_realm]

.my.url.domain1 = REALM1

.my.url.domain2 = REALM2

Cross-realm works in command line when I execute on domain1

ldapsearch -H "ldap:/my.url.domain2"

so I suppose my krb5.conf is good

Authenticating against an LDAP is not the same as authenticating with Kerberos.
Could you give some more backgroung on what it is you need to accomplish. For example:

• are you writing client code that needs to respond to a Kerberos authentication chalenge?
• does your code need to validate a user + password against an LDAP?