Re: principal/username mapping for Kerberized ssh
"grackle" == grackle <davidhuebel@xxxxxxxxx> writes:

grackle> I've been searching in vain for any documentation about how
grackle> Kerberized ssh authorizes an authenticated Kerberos principal
grackle> to connect as a certain user. The default behavior seems to
grackle> be that the principal name (not including the realm) must
grackle> match the Unix username. For example,
grackle> user123@xxxxxxxxxxxxxxxxxxx can log in as user123.

grackle> Can I configure this behavior? Specifically, I want to
grackle> configure ssh so that a specified list of Kerberos principals
grackle> is authorized to connect as a certain user.

List the principals in ~/.k5login.

grackle> Even better would be to allow any Kerberos principal matching a specified
grackle> pattern to connect as that user.

See documentation on auth_to_local rules in krb5.conf.

grackle> Is this possible?

grackle> Thanks, David

--
Richard Silverman
res@xxxxxxxx

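The two mechanisms Richard points to, written out as an added example that is not part of the original thread. The realm EXAMPLE.COM, the principal names and the local usernames are assumptions for illustration; the syntax is MIT Kerberos (Heimdal's differs).

```ini
# /etc/krb5.conf (MIT Kerberos). Added example, not from the original thread;
# realm, principal and user names are illustrative assumptions.
[libdefaults]
    default_realm = EXAMPLE.COM

[realms]
    EXAMPLE.COM = {
        # Explicit principal -> local user mappings, consulted before any rule.
        # The tag is the principal name without the realm.
        auth_to_local_names = {
            david.huebel = grackle
            dhuebel = grackle
        }
        # Pattern rules are tried in order; the first match wins.
        # [1:$1] selects one-component principals and formats them as the first
        # component only; the parenthesised regexp must match that string; the
        # trailing s/// then rewrites it into the local username.
        # Any one-component principal ending in "-deploy" becomes local user "deploy".
        auth_to_local = RULE:[1:$1](^.*-deploy$)s/^.*$/deploy/
        # Two-component principals with instance "admin" (alice/admin@EXAMPLE.COM)
        # map to the local user named by the first component ("alice").
        auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$//
        # Fall back to the built-in behaviour: user@EXAMPLE.COM -> user.
        auth_to_local = DEFAULT
    }
```

For the per-account list, `~/.k5login` in the target user's home directory holds one full principal per line, realm included (for example `david.huebel@EXAMPLE.COM` and `alice/admin@EXAMPLE.COM`); the file should be owned by that user (or root) and not writable by anyone else, and 0600 is the usual mode. Two caveats a practitioner will want: with MIT's default `k5login_authoritative = true`, a `.k5login` that exists is the only thing consulted, so the account's own principal must be listed in it or the owner locks themselves out, and the `auth_to_local` mapping above only applies to accounts without a `.k5login`. OpenSSH reaches this logic through `krb5_kuserok()` when `GSSAPIAuthentication yes` is set in `sshd_config`, so no sshd-side configuration of the mapping itself is needed.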