Linux : krb5 and pam
Sensei
senseiwa at mac.com
Fri Mar 31 11:21:43 EST 2006
On 2006-03-30 01:21:04 +0200, Quinten <quinten at xs4all.nl> said:
> Our environment is currently using 2 AD/realms. I am trying to set up
> a RHEL3 host to authenticate users from both realms. If the
> default_realm in /etc/krb5.conf is set to one realm, the users in the
> other realm cannot authenticate and vice versa. So there is no issue on
> any settings, they just seem unable to coexist.
Naive question... can you kinit the NOT_DEFAULT_REALM?
> The pam_krb5.so module in /etc/pam.d/system-auth is set to
> "sufficient". I have tried to add another entry:
>
> account sufficient /lib/security/$ISA/pam_krb5.so.0
> account sufficient /lib/security/$ISA/pam_krb5.so.0\ realm=not.my.default
Is that a backslash?
> There is a similar setup we have on Solaris hosts that does actually work.
Similar? How? What is the difference?
> I am not quite sure whether this is a PAM or a pam_krb5 issue. Does
> anyone have any suggestions or ideas how to solve this?
Post more informations, pam settings, krb5.conf on both sides, ...
--
Sensei <senseiwa at mac.com>
The optimist thinks this is the best of all possible worlds.
The pessimist fears it is true. [J. Robert Oppenheimer]
More information about the Kerberos
mailing list