Re: Realm in Username
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 24 Mar 2007 05:14:39 -0400
"MS" == Sensei <senseiwa at Apple's mac dot com> writes:
MS> On 2007-03-20 08:34:00 +0100, "Miguel Sanders"
MS> <miguelsanders@xxxxxxxxxx> said:
>> Dear When using a Kerberized version of telnet, I can provide the
>> realm (so user@REALM) of the user when logging in. However when
>> using SSH, this doesn't seem to work. Is there any way to overcome
>> this? I am running AIX.
I already made a stab at answering this, which I didn't see you follow up
on. What version of telnet are you running? I have not seen one that
allowed you to say "telnet -l user@REALM host". I don't even know what
this would mean: telnet can only send credentials which it can obtain via
Kerberos from your ccache, hence only use the principal owning your TGT.
Besides, the -l argument is the authorization name, not the authentication
name, so in a Unix context this would look for a Unix *account* named
"user@REALM", which generally would not exist; there will be an account
named "user", which the Kerberos principal "user@REALM" is authorized to
access.
There is this option:
-k realm
If Kerberos authentication is being used, the -k option requests
that telnet obtain tickets for the remote host in realm realm
instead of the remote host's realm, as determined by
krb_realmofhost(3).
.... but this has nothing to do with the realm of the principal
authenticating, but rather as the doc says, gives an alternate realm for
the target host. I told you how to work around this in my earlier post.
--
Richard Silverman
res@xxxxxxxx
.
- Follow-Ups:
- Re: Realm in Username
- From: Sensei
- Re: Realm in Username
- References:
- Realm in Username
- From: Miguel Sanders
- Re: Realm in Username
- From: Sensei
- Realm in Username
- Prev by Date: Re: Realm in Username
- Next by Date: Re: Realm in Username
- Previous by thread: Re: Realm in Username
- Next by thread: Re: Realm in Username
- Index(es):
Relevant Pages
|
|
