Question: want different default_realm for service and user principles
Dirk Pape
pape at inf.fu-berlin.de
Fri Aug 13 06:43:27 EDT 2004
Hello,
In article <411B6408.8080202 at anl.gov>,
deengert at anl.gov ("Douglas E. Engert") wrote:
> As Jeff pointed out, another approach is to start sshd with
> KRB5_CONFIG=/etc/krb5.server.conf already set.
>
> But if you also allow ssh login via Krb user and password, this
> would set the deafult realm for these user to the wrong realm.
yes, I see the problem. As far as I see pam_krb5 has no parameter to set
the realm user will be authenticated to, but allways will take it from
the conf/env.
I will see how far I come with the other hints I got, especially with
using the domain_realms section and capaths appropriately.
I am not willing to maintain a patched kerberos for all our platforms
here, so I have to wait until you patch is accepted by MIT and went into
the os-distributions (debian linux, solaris, macosx), which will take
looong time in my experience
Dirk.
--
Dr. Dirk Pape (Leiter des Rechnerbetriebs)
FB Mathematik und Informatik der FU-Berlin
Takustr. 9, 14195 Berlin
Tel. +49 (30) 838 75143, Fax. +49 (30) 838 75190
More information about the Kerberos
mailing list