>>>>> "Philippe" == Philippe Perrin <[EMAIL PROTECTED]> writes:
Philippe> Hello
Philippe> I'm now willing to allow users authenticated in REALM1 to use services of
Philippe> REALM2. I configured everything as I think I should have, and then I made a
Philippe> user authenticate in REALM1, and used a telnet server in REALM2. The only
Philippe> way I found to make it work was to add a ~/.k5login file containing
Philippe> "user@REALM1" on the server.
Philippe> How could I avoid writing such files for every user? Can I make this server

That's how it should work. Cross realm keys only enable
authentication between the two realms; they say nothing about
authorization.
There's a function called krb5_aname_to_lname that maps principals
into local user names. You might be able to configure this function
to do what you need. Unfortunately, I forget how this function is
configured. I'm not sure if there is any better documentation than
the source; look at src/lib/krb5/os/an_to_ln.c.
_______________________________________________
Kerberos mailing list
[EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
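
As an added illustration (not part of the original thread), MIT krb5 lets the principal-to-local-name mapping discussed above be driven by `auth_to_local` rules in `krb5.conf`. The fragment below is a constructed example that assumes REALM2 is the server's default realm and that both realms share one username namespace, so `alice@REALM1` and local user `alice` are the same person.

```ini
# /etc/krb5.conf on the REALM2 telnet server (constructed example).
# Assumption: REALM2 is this host's default realm, and a REALM1 principal
# "alice@REALM1" belongs to the same person as the local account "alice".
[libdefaults]
    default_realm = REALM2

[realms]
    REALM2 = {
        # Rules are tried in order; the first rule that matches decides.

        # Never let the foreign realm's "root" principal map to local root.
        auth_to_local = RULE:[1:$1@$0](root@REALM1)s/.*/nobody/

        # Single-component principals from REALM1: strip the realm, so
        # alice@REALM1 maps to local user "alice". [1:...] matches only
        # principals with exactly one component, so alice/admin@REALM1
        # is not mapped by this rule.
        auth_to_local = RULE:[1:$1@$0](.*@REALM1)s/@.*//

        # Keep the built-in mapping for REALM2's own principals.
        auth_to_local = DEFAULT
    }
```

An account that has a `~/.k5login` file is still governed by that file, so the rules only apply to accounts without one. Because the second rule grants every REALM1 user the same-named account on this host, it is an authorization decision about the whole foreign realm, not just a convenience setting.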