Re: openssh with cross-realm kerberos (heimdal) authentication
- From: Steven Van Acker <deepstar@xxxxxxxxxxx>
- Date: Tue, 30 May 2006 09:24:45 +0200
On Mon, May 29, 2006 at 11:41:32PM +0100, Simon Wilkinson wrote:
Steven Van Acker wrote:
I'm trying to get cross-realm authentication to work between A.COM and
B.NET for openssh.
the KDC from A.COM has a principal user@xxxxxx
the KDC from B.NET has the principal host/sshserver@xxxxx
There's also a principal krbtgt/B.NET@xxxxx on both KDC's.
Is user@xxxxx authorized to access <user>'s account on the ssh server?
If the server's default realm is B.NET, the standard configuration will
only allow user@xxxxx to access that account.
You need to investigate the documentation for ~/.k5login, or whatever
other mechanisms your Kerberos library provides for authorizing
cross-realm principals.
Simon.
Hello,
thx for replying so fast.
The problem was indeed the default_realm. I changed it 2 seconds after I
sent my mail, to see if that was causing the problem, and it worked.
So my cry for help was a bit premature :)
Thanks for the help!
kind regards,
-- Steven
- References:
- openssh with cross-realm kerberos (heimdal) authentication
- From: Steven Van Acker
- Re: openssh with cross-realm kerberos (heimdal) authentication
- From: Simon Wilkinson
- openssh with cross-realm kerberos (heimdal) authentication
- Prev by Date: Re: openssh with cross-realm kerberos (heimdal) authentication
- Next by Date: Encrypt "identity" with aes256, not with des3: is ssh able to decrypt it?
- Previous by thread: Re: openssh with cross-realm kerberos (heimdal) authentication
- Next by thread: Encrypt "identity" with aes256, not with des3: is ssh able to decrypt it?
- Index(es):
Relevant Pages
|
