I am thinking of having Kerberos cross realm authentication on my Unix server ldap authorisation. What happens if I have the same username for different users in the two domains (e.g. user at REALM1 and user at REALM2) ? Does pam_ldap sent the domain details to the ldap server or only the username for authorisation ? Thanks Markus