AD, pam and Kerberos?

JK (Jesper Agerbo Krogh) JK at
Mon Aug 14 09:47:42 EDT 2006

Hi All. 

We have a setup with several Active Directory domains that individually
each other. Each domain translates into its own Kerberos REALM as far
as I'm understanding the systems. 

But principals are unique across the realms. Thus if jk at realm1 exists,
it doesn't exist in the other realms. 

I'd like to use Kerberos for the password lookup in the Linux system
using pam. This works fine with one "realm" but since the system only
looks up users in the "default realm" I cannot validate users from the
other realms. 

(This is pam for login on Linux Server/Workstations)

Is it possible to get a "multi"-realm setup like this to work? Any

It would be nice to be able to specify a map to the Kerberos client:

Jk = jk at realm1
Test = test at realm2 

Or something like that. 

