[32597] in Kerberos
pam_krb5 question on multiple user realms
daemon@ATHENA.MIT.EDU (SANDERS Miguel)
Tue Aug 24 13:56:51 2010
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 24 Aug 2010 19:56:32 +0200
Message-ID: <7DF29B50FFF41848BB2281EC2E71A206015EE1E9@GEN-MXB-V04.msad.arcelor.net>
From: "SANDERS Miguel" <miguel.sanders@arcelormittal.com>
To: <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi folks
I'm currently experimenting with pam_krb5 (2.3.1-47.10.15).
My setup consists of three realms, of which 1 contains service
principals (A.COM) and the other two (B.COM and C.COM) are AD domains
providing user principals. The default realm for our Linux box is A.COM
but we would like to allow users from B.COM and C.COM to access our
machine (the users are mapped properly using auth_to_local in
krb5.conf).
However there's one thing that I can't find out: is it possible to
provide multiple user realms in the PAM configuration file, f.e.
auth sufficient pam_krb5.so realm=B.COM -> works ok for users in
B.COM accessing our domains
---
auth sufficient pam_krb5.so realm=C.COM -> works ok for users in
C.COM accessing our domains
---
auth sufficient pam_krb5.so realm=B.COM realm=C.COM -> doesn't
work...
Any ideas on how this can be achieved.
Thanks.
Miguel
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
