Using an alternate principal for ssh
Carson Gaspar
carson at taltos.org
Tue May 31 16:02:57 EDT 2022
On 5/31/2022 12:43 PM, Jeffrey Hutzelman wrote:
>
> On Tue, May 31, 2022 at 3:36 PM Carson Gaspar <carson at taltos.org> wrote:
>
> I agree about the sshd config options, but looking at the source code
> for Russ's pam_krb5, I don't think it will work as-is without
> changing
> the username provided by the client (see my previous post).
>
>
> It will. You want something like
> alt_auth_map=%s/ssh at REALM
> only_alt_auth=true
Ah - I missed that as it takes a different code path that bypasses the
normal user name mapping. Thanks for the correction!
--
Carson
More information about the Kerberos
mailing list