Cross Realm MIT <-> Windows Close But No Cigar

Christopher D. Clausen cclausen at
Thu May 3 22:39:31 EDT 2007

Michael B Allen <mba2000 at> wrote:
> On Thu, 3 May 2007 20:31:55 -0500
> "Christopher D. Clausen" <cclausen at> wrote:
>> Try creating a ~/.k5login file in the home directory of
>> the user you are logging in as listing authorized Kerberos
>> principals, one per line.
> That was it! SSH now works cross realm. I was clueless about .k5login.

You can use an auth_to_local rule in krb5.conf instead.  Search this 
list for a post a few weeks back for some to try.

> Now I wonder what smbclient's problem is with the bad echo'd
> signatures. Wheres Andrew Bartlett when you need him ...

After I broke AD.UIUC.EDU (yes, campus wide) several years ago using 
samba, I haven't touched it.  But I suspect that is a question for a 
samba list.  I assume you have looked at the KDC logs and possible some 
network traces to try and figure out what is going on?

> Mmm, UIUC. I have droves of family in Champaign.

I don't.  Thats why I moved here :-)


More information about the Kerberos mailing list