[31212] in Kerberos
krb5_aname_to_localname() issue
daemon@ATHENA.MIT.EDU (Guillaume Rousse)
Wed Jun 3 11:06:09 2009
Message-ID: <4A269123.7030204@inria.fr>
Date: Wed, 03 Jun 2009 17:05:07 +0200
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
To: kerberos@mit.edu
Hello list.

We use apache-mod_auth_kerb 5.4, with the KrbLocalUserMapping directive, which allows mapping the foo@REALM user string to foo through the krb5_aname_to_localname() function.

However, while it works perfectly with principals from the local domains, it doesn't with principals from other domains, for which a trust relationship is established:

    krb5_aname_to_localname() found no mapping for principal garet@LILLE.FUTURS.INRIA.FR

According to the krb5_aname_to_localname man page, this is quite normal:

    This function takes a principal name, verifies that it is in the local realm (using krb5_get_default_realms())

The man page for krb5_get_default_realms() seems to imply there could be several default realms, but I didn't find any way to configure it in krb5.conf (default_realm only takes one).

So, how can I also map principals from other trusted realms?

--
Guillaume Rousse
Service des Moyens Informatiques
INRIA Saclay - Île-de-France
Parc Orsay Université, 4 rue J. Monod
91893 Orsay Cedex France
Tel: 01 69 35 69 62
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos