AD, pam and Kerberos?
kvk at elbrus.ru
Fri Aug 18 08:37:21 EDT 2006
For the multi-realm setup with the Active Directory only you can look at
the samba winbindd.
It does the same thing as nss_ldap/pam_krb5 and also can be easily
configured on "DOMAIN+Username" user names.
JK (Jesper Agerbo Krogh) wrote:
> Hi All.
> We have a setup with several Active Directory domains that individually
> each other. Each domain translates into its own Kerberos REALM as far
> as I'm understanding the systems.
> But principals are unique across the realms. Thus if jk at realm1 exists,
> it doesn't exist in the other realms.
> I'd like to use kerberos for the password lookup in the Linux system
> using pam. This
> works fine with one "realm" but since the system only looks up users in
> the "default realm" I cannot validate users from the other realms.
> (This is pam for login on Linux Server/Workstations)
> Is it possible to get a "multi"-realm setup like this to work? Any
> It would be nice to be able to specify a map to the kerberos client:
> Jk = jk at realm1
> Test = test at realm2
> Or something like that.