Question about krb5_kuserok() and .k5login

Sam Hartman hartmans at MIT.EDU
Sat Feb 26 18:54:43 EST 2005

I believe the MIT behavior is correct.  You need a way of saying that
for a particular local account that the default Kerberos realm's
principal by that name is not allowed to log in.

Otherwise it is problematic to have machines where the local
authorization policy does not map well to the Kerberos realm's account


More information about the Kerberos mailing list