
Re: cross-realm difficulties



Priit Randla wrote:

>
>
>    Hello,
>
> I saw that aname_to_localname and krb5_kuserok use krb5_get_default_realms to
> obtain an array of 'default realms'.
> All examples of krb5.conf show only a single default_realm = EXAMPLE.COM
> ... or something like that.
>
> Should one use 'default_realm = AAA BBB'  or two entries:
> default_realm = AAA
> default_realm = BBB
>
> Or is there another way altogether to do principal->local user mapping with
> principals from multiple Kerberos realms?
>
> Priit
>
    Well, I kinda got that stuff working.
On Heimdal-equipped computers I use 'default_realm = BBB AAA' and then openssh
lets in the user(s) with principal 'username@AAA'. If I have
'default_realm = BBB', it won't.

Priit
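
A simplified model of the realm check described in the message above, added here as an illustration; it is not Heimdal's or OpenSSH's code, and `parse_default_realms` and `principal_to_localname` are hypothetical names. It assumes a principal maps to its first component only when its realm appears in the space-separated default_realm list, which in this model also means username@AAA and username@BBB resolve to the same local account.

```c
#include <stdio.h>
#include <string.h>

#define MAX_REALMS 8
#define REALM_LEN 64

/* Split a space-separated default_realm value ("BBB AAA") into realm names. */
static int parse_default_realms(const char *value, char realms[][REALM_LEN], int max) {
    int n = 0;
    while (n < max) {
        value += strspn(value, " \t");
        size_t len = strcspn(value, " \t");
        if (len == 0) break;
        if (len < REALM_LEN) {            /* over-long names are skipped in this model */
            memcpy(realms[n], value, len);
            realms[n++][len] = '\0';
        }
        value += len;
    }
    return n;
}

/* Hypothetical model of the mapping: returns 0 and fills lname when "user@REALM"
 * has a realm in the default-realm list, -1 when no local name applies. */
static int principal_to_localname(const char *principal, const char *default_realm,
                                  char *lname, size_t lnsize) {
    char realms[MAX_REALMS][REALM_LEN];
    int n = parse_default_realms(default_realm, realms, MAX_REALMS);
    const char *at = strrchr(principal, '@');
    if (at == NULL || at == principal) return -1;
    size_t ulen = (size_t)(at - principal);
    if (ulen >= lnsize || memchr(principal, '/', ulen) != NULL)
        return -1;                        /* too long, or has an instance part */
    for (int i = 0; i < n; i++) {
        if (strcmp(realms[i], at + 1) == 0) {
            memcpy(lname, principal, ulen);
            lname[ulen] = '\0';
            return 0;
        }
    }
    return -1;
}

int main(void) {
    char l[32];
    printf("%d\n", principal_to_localname("username@AAA", "BBB AAA", l, sizeof l));
    printf("%d\n", principal_to_localname("username@AAA", "BBB", l, sizeof l));
    return 0;
}
```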