cross-realm logins with ssh & pam_krb5

Troy Benjegerdes hozer at hozed.org
Thu Jan 27 19:47:12 EST 2005


I want to allow users from two different realms to be able to log into a
machine via ssh using the pam_krb5 kerboard-interactive authentication
method.

Is there a pam_krb5 module that supports this? Ideally, I'd like to
default to REALM1, and users from realm1 would do 
"ssh -l user at REALM2 login-machine", and if they had a valid account,
they could get logged in. For the moment, let's just deal with the case where
the principal name is the same as the login name.

How can I get this to work... I don't think pam/linux is quite happy
with usernames of the form "user at REALM", which would be nice, but maybe
messy.

-- 
--------------------------------------------------------------------------
Troy Benjegerdes                'da hozer'                hozer at hozed.org  

Somone asked my why I work on this free (http://www.fsf.org/philosophy/)
software stuff and not get a real job. Charles Shultz had the best answer:

"Why do musicians compose symphonies and poets write poems? They do it
because life wouldn't have any meaning for them if they didn't. That's why
I draw cartoons. It's my life." -- Charles Shultz


More information about the Kerberos mailing list