Joining a multiple realm AD environment

Chris Penney penney at msu.edu
Fri May 18 12:43:53 EDT 2007


On 5/17/07, Douglas E. Engert <deengert at anl.gov> wrote:
> Whoses pam_krb5?   Russ Allbery's has some extra options that might
> try both realms.


On 5/17/07, Markus Moeller <huaraz at moeller.plus.com> wrote:
> You need entries like (assuming that users are uniq over both domains
> and you have more users in LOC1.DOM.COM)
> other auth sufficient  pam_krb5 REALM=LOC1.DOM.COM
> other auth sufficient  pam_krb5 REALM=LOC2.DOM.COM

Ah!  I see.  I used the pam_krb5 that Douglas noted and the pam config
lines you noted and it works basically as intended.

Do you still have to do this even if you add the system to AD via a
"User" account?

Thanks!

    Chris



More information about the Kerberos mailing list