pam_krb5 question on multiple user realms

SANDERS Miguel miguel.sanders at arcelormittal.com
Tue Aug 24 13:56:32 EDT 2010


Hi folks
 
I'm currently experimenting with pam_krb5 (2.3.1-47.10.15).
My setup consists of three realms, of which 1 contains service
principals (A.COM) and the other two (B.COM and C.COM) are AD domains
providing user principals. The default realm for our Linux box is A.COM
but we would like to allow users from B.COM and C.COM to access our
machine (the users are mapped properly using auth_to_local in
krb5.conf).
However, there's one thing that I can't find out: is it possible to
provide multiple user realms in the PAM configuration file, e.g.:
 
auth     sufficient     pam_krb5.so realm=B.COM -> works ok for users in B.COM accessing our domains
---
auth     sufficient     pam_krb5.so realm=C.COM -> works ok for users in C.COM accessing our domains
---
auth     sufficient     pam_krb5.so realm=B.COM realm=C.COM -> doesn't work...
 
Any ideas on how this can be achieved?
 
Thanks.
 
Miguel


