libapache2-mod-auth-kerb and cross-realm

Jaap Winius jwinius at umrk.nl
Thu Aug 14 20:06:41 EDT 2014


On Thu, 14 Aug 2014 17:59:49 -0400, Simo Sorce wrote:

> What you observe is expected when you use PAM authentication in OpenSSH
> (i.e. you enter username/password at the prompt), however should you use
> GSSAPI authentication instead then both foo at MYREALM.COM and
> foo at EXAMPLE.COM would be logged in as 'foo'.

But, that's what I mean: I am using GSSAPI authentication. However, even 
though I half-expected the very trouble you describe, it's just not 
happening that way. Instead, the @MYREALM.COM ticket I started out with 
is simply being carried over to the EXAMPLE.COM system as it was before. 
I.e. the new auth_to_local rules seem not to influence this behaviour.

> Sounds like a bug in your mod_auth_kerb module, in Fedora/RHEL I see a
> patch to deal with that set the max length to 255

I figured as much. We'll just have to be patient.
 
Cheers,

Jaap


