On 2006-03-30 01:21:04 +0200, Quinten <[EMAIL PROTECTED]> said: > Our environment is currently using 2 AD/realms. I am trying to set up > a RHEL3 host to authenticate users from both realms. If the > default_realm in /etc/krb5.conf is set to one realm, the users in the > other realm cannot authenticate and vice versa. So there is no issue on > any settings, they just seem unable to coexist.
Naive question... can you kinit the NOT_DEFAULT_REALM? > The pam_krb5.so module in /etc/pam.d/system-auth is set to > "sufficient". I have tried to add another entry: > > account sufficient /lib/security/$ISA/pam_krb5.so.0 > account sufficient /lib/security/$ISA/pam_krb5.so.0\ realm=not.my.default Is that a backslash? > There is a similar setup we have on Solaris hosts that does actually work. Similar? How? What is the difference? > I am not quite sure whether this is a PAM or a pam_krb5 issue. Does > anyone have any suggestions or ideas how to solve this? Post more informations, pam settings, krb5.conf on both sides, ... -- Sensei <[EMAIL PROTECTED]> The optimist thinks this is the best of all possible worlds. The pessimist fears it is true. [J. Robert Oppenheimer] ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
