Re: auth_to_local
- From: "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx>
- Date: Tue, 29 Aug 2006 19:36:42 +0100
I am not sure if I understand the rules. I have two domains which trust each
other and I'd like to avoid the use of a .k5login to allow a user of one
domain to login into a system of the other. Can I do the following ?
On a host server.a.com can I have a config file like:
[libdefaults]
default_realm = A.COM
[realms]
A.COM = {
kdc = kdc.a.com
admin_server = kdc.a.com
auth_to_local = {
RULE:[1:$1](.*@A.COM)s/@.*/-a/
DEFAULT
}
}
B.COM = {
kdc = kdc.b.com
admin_server = kdc.b.com
auth_to_local = {
RULE:[1:$1](.*@B.COM)s/@.*/-b/
DEFAULT
}
}
[domain_realm]
.a.com = A.COM
.b.com = B.COM
which maps a user@xxxxx to user-a and a user@xxxxx to user-b ? I am also
not sure if I login as user@xxxxx on server.a.com will the realm section for
A.COM be used or the section for B.COM ?
Is there a way to debug/test the rules ?
Thank you
Markus
"Russ Allbery" <rra@xxxxxxxxxxxx> wrote in message
news:87veoc71xu.fsf@xxxxxxxxxxxxxxxxxxxxxxxx
Markus Moeller <huaraz@xxxxxxxxxxxxxxxx> writes:
Is there anywhere a documentation of how to use RULES with auth_to_local
?
Yeah, it's in the info documentation, in the krb5-admin doc under
Configuration Files / krb5.conf / realms.
--
Russ Allbery (rra@xxxxxxxxxxxx) <http://www.eyrie.org/~eagle/>
.
- Follow-Ups:
- Re: auth_to_local
- From: "Douglas E. Engert"
- Re: auth_to_local
- References:
- auth_to_local
- From: Markus Moeller
- Re: auth_to_local
- From: Russ Allbery
- auth_to_local
- Prev by Date: Re: sshd, Tiger and KRB5CCNAME
- Next by Date: Re: Kerberos for Windows 3.0/3.1
- Previous by thread: Re: auth_to_local
- Next by thread: Re: auth_to_local
- Index(es):
Relevant Pages
|
