Re: openssh with cross-realm kerberos (heimdal) authentication
- From: Simon Wilkinson <simon@xxxxxxxxxx>
- Date: Mon, 29 May 2006 23:41:32 +0100
Steven Van Acker wrote:
I'm trying to get cross-realm authentication to work between A.COM and
B.NET for openssh.
the KDC from A.COM has a principal user@xxxxxx
the KDC from B.NET has the principal host/sshserver@xxxxx
There's also a principal krbtgt/B.NET@xxxxx on both KDC's.
Is user@xxxxx authorized to access <user>'s account on the ssh server?
If the server's default realm is B.NET, the standard configuration will
only allow user@xxxxx to access that account.
You need to investigate the documentation for ~/.k5login, or whatever
other mechanisms your Kerberos library provides for authorizing
cross-realm principals.
Simon.
- Follow-Ups:
- Re: openssh with cross-realm kerberos (heimdal) authentication
- From: Steven Van Acker
- Re: openssh with cross-realm kerberos (heimdal) authentication
- References:
- openssh with cross-realm kerberos (heimdal) authentication
- From: Steven Van Acker
- openssh with cross-realm kerberos (heimdal) authentication
- Prev by Date: openssh with cross-realm kerberos (heimdal) authentication
- Next by Date: Re: openssh with cross-realm kerberos (heimdal) authentication
- Previous by thread: openssh with cross-realm kerberos (heimdal) authentication
- Next by thread: Re: openssh with cross-realm kerberos (heimdal) authentication
- Index(es):
Relevant Pages
|
|
