On Wed, 12 Nov 2003 11:09:33 -0500 Sam Hartman wrote:

> Why don't you have a .k5login file on each image.  Kerberos is not an
> authorization system.
> 

Here's my situation:
I'm using the Kerberos5 PAM module to authenticate with my KDC.
added local user "jin" on litxwas01.jin.com
added principal "jin/litxwas01.jin.com" in the KDC with realm JIN.COM
added principal "jin" in the KDC with realm JIN.COM

Now, I would like for the following to happen....
If I log in as Linux userID "jin", I want the system to authenticate me to
the KDC as "jin/litxwas01.jin.com@JIN.COM" (right now if I log in as "jin",
it authenticates me as "jin@JIN.COM").
Then after I enter the correct password for
"jin/litxwas01.jin.com@JIN.COM", I'm actually logged in as Linux userID
"jin".	(this part I can see doing with auth_to_local, auth_to_local_names,
or .k5login).

How can I do the the "jin" to "jin/litxwas01.jin.com" mapping?