AD, pam and Kerberos?
JK (Jesper Agerbo Krogh)
JK at novozymes.com
Mon Aug 14 09:47:42 EDT 2006
Hi All.
We have a setup with several Active Directory domains that individually
trust each other. Each domain translates into its own Kerberos REALM, as
far as I understand the systems.
But principals are unique across the realms. Thus if jk at realm1 exists,
then it doesn't exist in the other realms.
I'd like to use Kerberos for the password lookup in the Linux system
using pam. This works fine with one "realm", but since the system only
looks up users in the "default realm" I cannot validate users from the
other realms.
(This is pam for login on Linux Server/Workstations)
Is it possible to get a "multi"-realm setup like this to work? Any pointers?
It would be nice to be able to specify a map to the kerberos client:
Jk = jk at realm1
Test = test at realm2
Or something like that.
Jesper