[27790] in Kerberos

Re: Joining a multiple realm AD environment

daemon@ATHENA.MIT.EDU (Chris Penney)
Fri May 18 15:25:55 2007

Message-ID: <111aefd0705180943g699cf03fh5142e1dfbcba181e@mail.gmail.com>
Date: Fri, 18 May 2007 12:43:53 -0400
From: "Chris Penney" <penney@msu.edu>
To: kerberos@mit.edu
In-Reply-To: <f2i9ru$1gf$1@sea.gmane.org>

On 5/17/07, Douglas E. Engert <deengert@anl.gov> wrote:
> Whose pam_krb5?  Russ Allbery's has some extra options that might
> try both realms.


On 5/17/07, Markus Moeller <huaraz@moeller.plus.com> wrote:
> You need entries like (assuming that users are unique over both domains
> and you have more users in LOC1.DOM.COM)
> other auth sufficient  pam_krb5 REALM=LOC1.DOM.COM
> other auth sufficient  pam_krb5 REALM=LOC2.DOM.COM

Ah!  I see.  I used the pam_krb5 that Douglas noted and the pam config
lines you noted and it works basically as intended.

Do you still have to do this even if you add the system to AD via a
"User" account?

Thanks!

    Chris
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos