Re: Realm in Username

"Sensei" == Sensei <senseiwa at Apple's mac dot com> writes:

Sensei> On 2007-03-24 10:14:39 +0100, "Richard E. Silverman"
Sensei> <res@xxxxxxxx> said:
>> I already made a stab at answering this, which I didn't see you
>> follow up on.

Sensei> I don't see any post of yours, I'm sorry. All I see is a
Sensei> sequence of posts by Miguel Sanders and 'all mail refused'.

Oops; I think they were via email instead. To summarize:

--------------------------------------------------------------------------------
"MS" == Miguel Sanders <miguelsanders@xxxxxxxxxx> writes:

MS> Dear When using a Kerberized version of telnet, I can provide the
MS> realm (so user@REALM) of the user when logging in. However when
MS> using SSH, this doesn't seem to work. Is there any way to overcome
MS> this? I am running AIX.

Not so far as I know. You could make your own krb5.conf file mapping the
destination host to the desired realm and point ssh at it with the
KRB5_CONFIG environment variable.

--------------------------------------------------------------------------------
On Tue, 20 Mar 2007, Miguel Sanders wrote:

Dear

At which point could you put some intelligence whether krb5.conf A or krb5.conf B should be
used? (with the exception of default_realm, they are the same).

You would add mappings for the hosts in question to the domain_realm section, not change the
default realm. And as I indicated, you set the KRB5_CONFIG variable for the program, e.g.
(with bash):

$ KRB5_CONFIG=krb5.conf.mine ssh ...

--------------------------------------------------------------------------------

--
Richard Silverman
res@xxxxxxxx

.