cross-realm logins with ssh & pam_krb5
Troy Benjegerdes
hozer at hozed.org
Thu Jan 27 19:47:12 EST 2005
I want to allow users from two different realms to be able to log into a
machine via ssh using the pam_krb5 kerboard-interactive authentication
method.
Is there a pam_krb5 module that supports this? Ideally, I'd like to
default to REALM1, and users from realm1 would do
"ssh -l user at REALM2 login-machine", and if they had a valid account,
they could get logged in. For the moment, let's just deal with the case where
the principal name is the same as the login name.
How can I get this to work... I don't think pam/linux is quite happy
with usernames of the form "user at REALM", which would be nice, but maybe
messy.
--
--------------------------------------------------------------------------
Troy Benjegerdes 'da hozer' hozer at hozed.org
Somone asked my why I work on this free (http://www.fsf.org/philosophy/)
software stuff and not get a real job. Charles Shultz had the best answer:
"Why do musicians compose symphonies and poets write poems? They do it
because life wouldn't have any meaning for them if they didn't. That's why
I draw cartoons. It's my life." -- Charles Shultz
More information about the Kerberos
mailing list