Re: AD, pam and Kerberos?
- From: kvk@xxxxxxxxx (Konstantin Kunshchikov)
- Date: Fri, 18 Aug 2006 16:37:21 +0400
For the multi-realm setup with the Active Directory only you can look at
the samba winbindd.
It do the same thing as nss_ldap/pam_krb5 and also can be easily
configured on "DOMAIN+Username" user names.
regards,
Konstantin.
JK (Jesper Agerbo Krogh) wrote:
Hi All.
We have a setup with several Active Directory domains that individually
trusts
each other. Each domain translates into each own Kerberos REALM as far
as I'm understanding the systems.
But prinicipals are unique across the realms. Thus if jk@realm1 exixts,
then
It doesn't exist in the other realms.
I'd like to use kerberos for the password lookup in the Linux system
using pam. This
Works fine with one "realm" but since the system only looks up users in
the "default realm" I cannot validate users from the other realms.
(This is pam for login on Linux Server/Workstations)
Is it possible to get a "multi"-realm setup like this to work? Any
pointers?
It would be nice to be able to specify a map to the kerberos client:
Jk = jk@realm1
Test = test@realm2
Or something like that.
Jesper
________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@xxxxxxx
https://mailman.mit.edu/mailman/listinfo/kerberos
.
- References:
- AD, pam and Kerberos?
- From: "JK (Jesper Agerbo Krogh)"
- AD, pam and Kerberos?
- Prev by Date: Re: Is fix for 818173 present in win-xp sp2?
- Next by Date: Re: AW: AW: Validation with Kerberos 5, SAP Linux, SNC for SSO
- Previous by thread: Re: AD, pam and Kerberos?
- Next by thread: Re: AD, pam and Kerberos?
- Index(es):
Relevant Pages
|
