auth_to_local
Markus Moeller
huaraz at moeller.plus.com
Tue Aug 29 14:36:42 EDT 2006
I am not sure if I understand the rules. I have two domains which trust each
other and I'd like to avoid the use of a .k5login to allow a user of one
domain to log in to a system of the other. Can I do the following?

On a host server.a.com, can I have a config file like:

[libdefaults]
    default_realm = A.COM

[realms]
    A.COM = {
        kdc = kdc.a.com
        admin_server = kdc.a.com
        auth_to_local = {
            RULE:[1:$1](.*@A.COM)s/@.*/-a/
            DEFAULT
        }
    }
    B.COM = {
        kdc = kdc.b.com
        admin_server = kdc.b.com
        auth_to_local = {
            RULE:[1:$1](.*@B.COM)s/@.*/-b/
            DEFAULT
        }
    }

[domain_realm]
    .a.com = A.COM
    .b.com = B.COM

which maps a user at A.COM to user-a and a user at B.COM to user-b? I am also
not sure: if I log in as user at B.COM on server.a.com, will the realm section
for A.COM be used or the section for B.COM?

Is there a way to debug/test the rules?

Thank you
Markus

"Russ Allbery" <rra at stanford.edu> wrote in message
news:87veoc71xu.fsf at windlord.stanford.edu...
> Markus Moeller <huaraz at moeller.plus.com> writes:
>
>> Is there documentation anywhere on how to use RULES with auth_to_local?
>
> Yeah, it's in the info documentation, in the krb5-admin doc under
> Configuration Files / krb5.conf / realms.
>
> --
> Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
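
One way to reason about such rules offline, as an added example that is not part of the original post and not MIT Kerberos code: a simplified Python model of the documented RULE:[n:string](regexp)s/pattern/replacement/ evaluation, run against a single rule list and default realm. The function names, the principals alice and bob, and the WITH_REALM rule list are constructed for illustration.

```python
import re

# Simplified model of the documented RULE:[n:fmt](regex)s/pat/repl/g syntax.
# Assumption: Python's `re` stands in for the POSIX regexes krb5 uses.
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\((.*)\))?((?:s/[^/]*/[^/]*/g?)*)$")
SUB_RE = re.compile(r"s/([^/]*)/([^/]*)/(g?)")

def apply_rule(rule, principal, default_realm):
    """Return the local name one rule yields, or None if it does not apply."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")
    if rule == "DEFAULT":
        # DEFAULT only maps single-component principals of the default realm.
        return name if len(comps) == 1 and realm == default_realm else None
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unsupported rule: " + rule)
    n, fmt, regex, subs = int(m.group(1)), m.group(2), m.group(3), m.group(4)
    if len(comps) != n:
        return None
    # Build the selection string: $0 is the realm, $1..$n are the components.
    parts = [realm] + comps
    selection = re.sub(r"\$(\d)", lambda d: parts[int(d.group(1))], fmt)
    # The regex has to match the whole selection string, not a substring.
    if regex is not None and not re.fullmatch(regex, selection):
        return None
    for pat, repl, g in SUB_RE.findall(subs):
        selection = re.sub(pat, repl, selection, count=0 if g else 1)
    return selection

def map_principal(rules, principal, default_realm):
    """First rule that applies wins; None means no mapping."""
    for rule in rules:
        local = apply_rule(rule, principal, default_realm)
        if local is not None:
            return local
    return None

# Rule list as posted for A.COM, and a constructed variant that puts the
# realm into the selection string with $0 (both realms in one list).
POSTED = ["RULE:[1:$1](.*@A.COM)s/@.*/-a/", "DEFAULT"]
WITH_REALM = ["RULE:[1:$1@$0](.*@A.COM)s/@.*/-a/",
              "RULE:[1:$1@$0](.*@B.COM)s/@.*/-b/", "DEFAULT"]

if __name__ == "__main__":
    for rules in (POSTED, WITH_REALM):
        for p in ("alice@A.COM", "bob@B.COM", "host/server.a.com@A.COM"):
            print(p, "->", map_principal(rules, p, "A.COM"))
```

With the posted list the selection string built from [1:$1] is only the first component, so the (.*@A.COM) test never sees a realm and the principal falls through to DEFAULT. The constructed variant builds $1@$0 before matching, which is what lets the realm decide the suffix.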