AD, pam and Kerberos?

Konstantin Kunshchikov kvk at elbrus.ru
Fri Aug 18 08:37:21 EDT 2006


For the multi-realm setup with Active Directory only, you can look at 
Samba's winbindd.
It does the same thing as nss_ldap/pam_krb5 and can also be easily 
configured for "DOMAIN+Username" user names.

regards,
Konstantin.

JK (Jesper Agerbo Krogh) wrote:
> Hi All. 
>
> We have a setup with several Active Directory domains that individually
> trust each other. Each domain translates into its own Kerberos REALM as far
> as I'm understanding the systems.
>
> But principals are unique across the realms. Thus if jk at realm1 exists,
> then it doesn't exist in the other realms.
>
> I'd like to use kerberos for the password lookup in the Linux system
> using pam. This works fine with one "realm" but since the system only
> looks up users in the "default realm" I cannot validate users from the
> other realms.
>
> (This is pam for login on Linux Server/Workstations)
>
> Is it possible to get a "multi"-realm setup like this to work? Any
> pointers? 
>
> It would be nice to be able to specify a map to the kerberos client:
>
> Jk = jk at realm1
> Test = test at realm2 
>
> Or something like that. 
>
> Jesper
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>   
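
A minimal winbindd configuration along the lines suggested in the reply above, as an added example that is not part of the original thread. DOMAIN1, REALM1.EXAMPLE.COM and the idmap range are placeholder assumptions, and the NSS and PAM lines are shown as comments because they live in other files.

```ini
# /etc/samba/smb.conf (constructed example; domain and realm names are placeholders)
[global]
    # Join the machine to one AD domain; users from the domains it trusts
    # are resolved through the trust relationships.
    security = ads
    workgroup = DOMAIN1
    realm = REALM1.EXAMPLE.COM

    # Keep the domain in every user name so DOMAIN1+jk and DOMAIN2+test
    # stay distinct. "+" replaces the default "\" separator, which is
    # awkward to type in shells.
    winbind separator = +
    winbind use default domain = no

    # Let winbindd resolve users from trusted domains. "yes" is the
    # default; it is spelled out because the multi-domain login depends on it.
    allow trusted domains = yes

    # UID/GID allocation for domain users; the range here is arbitrary
    # and must not overlap local accounts.
    idmap config * : backend = tdb
    idmap config * : range = 100000-199999

    # Shell and home directory reported through NSS for domain users.
    template shell = /bin/bash
    template homedir = /home/%D/%U

# /etc/nsswitch.conf:
#   passwd: files winbind
#   group:  files winbind
#
# PAM auth stack (file name varies by distribution):
#   auth     sufficient  pam_winbind.so
#   account  sufficient  pam_winbind.so
```

With this in place a user logs in as DOMAIN1+jk or DOMAIN2+test, which gives the per-user realm selection asked for in the quoted message without a separate mapping file.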



