krb5_aname_to_localname() issue

Guillaume Rousse Guillaume.Rousse at inria.fr
Wed Jun 3 11:05:07 EDT 2009


Hello list.

We use apache-mod_auth_kerb 5.4, with the KrbLocalUserMapping directive,
which allows mapping the foo at REALM user string to foo, through the
krb5_aname_to_localname() function.

However, while it works perfectly with principals from the local domains,
it doesn't with principals from other domains, for which a trust
relationship is established:
krb5_aname_to_localname() found no mapping for principal garet at LILLE.FUTURS.INRIA.FR

According to krb5_aname_to_localname man page, this is quite normal:
This function takes a principal name, verifies that it is in the local
      realm (using krb5_get_default_realms())

The man page for krb5_get_default_realms() seems to imply there could be
several default realms, but I didn't find any way to configure it in
krb5.conf (default_realm only takes one).

So, how can I also map principals from other trusted realms?
-- 
Guillaume Rousse
Service des Moyens Informatiques
INRIA Saclay - Île-de-France
Parc Orsay Université, 4 rue J. Monod
91893 Orsay Cedex France
Tel: 01 69 35 69 62


