[36385] in Kerberos
Re: libapache2-mod-auth-kerb and cross-realm
daemon@ATHENA.MIT.EDU (Jaap Winius)
Thu Aug 14 20:07:11 2014
To: kerberos@mit.edu
From: Jaap Winius <jwinius@umrk.nl>
Date: Fri, 15 Aug 2014 00:06:41 +0000 (UTC)
Message-ID: <lsjiuh$1u5$1@ger.gmane.org>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, 14 Aug 2014 17:59:49 -0400, Simo Sorce wrote:
> What you observe is expected when you use PAM authentication in OpenSSH
> (ie you enter username/password at the prompt), however should you use
> GSSAPI authentication instead then both foo@MYREALM.COM and
> foo@EXAMPLE.COM would be logged in as 'foo'.
But, that's what I mean: I am using GSSAPI authentication. However, even
though I half-expected the very trouble you describe, it's just not
happening that way. Instead, the @MYREALM.COM ticket I started out with
is simply being carried over to the EXAMPLE.COM system as it was before.
I.e. the new auth_to_local rules seem not to influence this behaviour.
> Sounds like a bug in your mod_auth_kerb module, in Fedora/RHEL I see a
> patch to deal with that set the max length to 255
I figured as much. We'll just have to be patient.
Cheers,
Jaap
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
