krb5_aname_to_localname() issue
Guillaume Rousse
Guillaume.Rousse at inria.fr
Wed Jun 3 11:05:07 EDT 2009
Hello list.
We use apache-mod_auth_kerb 5.4, with
KrbLocalUserMapping directive, allowing to map foo at REALM user string to
foo, through krb5_aname_to_localname() function.
However, while it works perfectly with principal from the local domains,
it doesn't with principal from other domains, for which a trust
relationship is established:
krb5_aname_to_localname() found no mapping for principal
garet at LILLE.FUTURS.INRIA.FR
According to krb5_aname_to_localname man page, this is quite normal:
This function takes a principal name, verifies that it is in the local
realm (using krb5_get_default_realms())
The man page for krb5_get_default_realms() seems to imply there could be
several default realms, but I didn't found any way to configure it in
krb5.conf (default_realm only takes one).
So, how can I also map principals from other trusted realms ?
--
Guillaume Rousse
Service des Moyens Informatiques
INRIA Saclay - Île-de-France
Parc Orsay Université, 4 rue J. Monod
91893 Orsay Cedex France
Tel: 01 69 35 69 62
More information about the Kerberos
mailing list