[32197] in Kerberos
Re: Multi REALM krb config file.
daemon@ATHENA.MIT.EDU (Techie)
Mon Mar 29 14:20:53 2010
MIME-Version: 1.0
In-Reply-To: <87y6hbm2e6.fsf@windlord.stanford.edu>
Date: Mon, 29 Mar 2010 11:20:49 -0700
Message-ID: <dc3ecf561003291120o1acc9219r2b356077337b7a39@mail.gmail.com>
From: Techie <techchavez@gmail.com>
To: Russ Allbery <rra@stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Mon, Mar 29, 2010 at 11:03 AM, Russ Allbery <rra@stanford.edu> wrote:
>
>> The krb5.conf man page seems to indicate that you can have multiple
>> Kerberos REALMS defined in a single krb5.conf file.
>
>> Will doing this allow authentication to multiple realms? If so, will it
>> try and contact each defined realm until it sees a matching principal?
>
> It depends on what you mean by "it." If you mean kinit, I don't believe
> it has support for this. If you mean something else, it depends on the
> application. For example, you can configure my pam-krb5 PAM module to do
> this.

Good point.. By it I mean this..
I have an LDAP setup with all users contained within the tree.
However these users are broken into 4 KRB REALMS.
I use pam_krb5 for authentication and it works for the default realm.
Do you have any links describing how to setup pam_krb5 for multirealm?
This is basically what I am chasing.

> I believe MIT Kerberos only lets you define a single default realm, which
> is the realm used for authentication if no realm is specified in the
> principal name. (However, you can do things with server referrals.)

Can you please elaborate on what you mean by server referral? Do you
mean server referral as in LDAP server referrals or as in a referral
to another KDC for authentication? May be a dumb question.. I know LDAP
server referrals are possible but don't know if KRB allows it.

Thanks again

>
> --
> Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos