[32196] in Kerberos
Re: Multi REALM krb config file.
daemon@ATHENA.MIT.EDU (Russ Allbery)
Mon Mar 29 14:03:17 2010
From: Russ Allbery <rra@stanford.edu>
To: Techie <techchavez@gmail.com>
In-Reply-To: <dc3ecf561003291055ke6218b2j20a524658109af08@mail.gmail.com>
(Techie's message of "Mon, 29 Mar 2010 10:55:44 -0700")
Date: Mon, 29 Mar 2010 11:03:13 -0700
Message-ID: <87y6hbm2e6.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Techie <techchavez@gmail.com> writes:
> The krb5.conf man page seems to indicate that you can have multiple
> Kerberos REALMS defined in a single krb5.conf file.
> Will doing this allow authentication to multiple realms? If so, will it
> try and contact each defined realm until it sees a matching principal?
It depends on what you mean by "it." If you mean kinit, I don't believe
it has support for this. If you mean something else, it depends on the
application. For example, you can configure my pam-krb5 PAM module to do
this.
I believe MIT Kerberos only lets you define a single default realm, which
is the realm used for authentication if no realm is specified in the
principal name. (However, you can do things with server referrals.)
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos