On Fri, Dec 18, 2009 at 03:13:22PM -0500, Dan Scott wrote:
>
> I've just read Simo Sorce's comments about system users and I think
> that this may be causing some of my problems. If I read this
> correctly, I cannot just ssh from one machine to another in a
> different realm using a user in the first realm?

You can, but since Kerberos is only handling authentication, you
additionally need to provide uids/gids etc. on the other box, the user
account data.

> Is this related to
> the LDAP configuration/entries?

An LDAP directory is one way to host it; a quick fix for debugging is just
'useradd'ing the user on the destination server. For authorization that
data is then used.

> When cross-realm authentication is discussed, does that mean only
> authentication? Or does it include authorization as well?

In Kerberos terms it's purely for authentication.

Christian
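
An added example, not part of the original message: a small check to run on the destination server that tells "Kerberos authenticated the user" apart from "this host has no account data for the user". The principal names, the realm and the sample entries are constructed, and it assumes the local account is named after the first component of the principal.

```python
import grp
import pwd
from dataclasses import dataclass, field


@dataclass
class AccountCheck:
    principal: str
    local_user: str
    realm: str
    problems: list = field(default_factory=list)

    @property
    def usable(self):
        return not self.problems


def check_account(principal, getpwnam=pwd.getpwnam, getgrgid=grp.getgrgid):
    """Check that this host can resolve account data for a Kerberos principal."""
    name, sep, realm = principal.rpartition("@")
    if not (sep and name and realm):
        raise ValueError(f"expected user@REALM, got {principal!r}")
    # Assumption: the local account is named after the principal's first
    # component; a real host decides this via auth_to_local or ~/.k5login.
    local_user = name.split("/", 1)[0]
    result = AccountCheck(principal, local_user, realm)
    try:
        entry = getpwnam(local_user)  # NSS lookup: local files, LDAP, ...
    except KeyError:
        result.problems.append(f"no passwd entry for {local_user!r}")
        return result
    try:
        getgrgid(entry.pw_gid)
    except KeyError:
        result.problems.append(f"primary gid {entry.pw_gid} has no group entry")
    return result


def demo():
    # Constructed account data standing in for the destination host's NSS.
    alice = pwd.struct_passwd(("alice", "x", 1001, 1001, "", "/home/alice", "/bin/bash"))
    users, groups = {"alice": alice}, {1001: "alice"}
    principals = ["alice@REALM-A.EXAMPLE", "bob@REALM-A.EXAMPLE"]
    return [check_account(p, users.__getitem__, groups.__getitem__) for p in principals]


if __name__ == "__main__":
    for r in demo():
        print(r.principal, "->", "ok" if r.usable else "; ".join(r.problems))
```

Called with its defaults, check_account() queries the host's real passwd and group databases, so it sees entries served from LDAP as well as ones created with useradd.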