For a multi-realm setup with Active Directory only, you can look at Samba winbindd. It does the same thing as nss_ldap/pam_krb5 and can also be easily configured for "DOMAIN+Username" user names.
regards, Konstantin.

JK (Jesper Agerbo Krogh) wrote:
> Hi All.
>
> We have a setup with several Active Directory domains that individually
> trust each other. Each domain translates into its own Kerberos REALM as far
> as I'm understanding the systems.
>
> But principals are unique across the realms. Thus if [EMAIL PROTECTED] exists,
> then it doesn't exist in the other realms.
>
> I'd like to use Kerberos for the password lookup in the Linux system
> using pam. This works fine with one "realm", but since the system only looks
> up users in the "default realm" I cannot validate users from the other realms.
>
> (This is pam for login on Linux Server/Workstations)
>
> Is it possible to get a "multi"-realm setup like this to work? Any
> pointers?
>
> It would be nice to be able to specify a map to the Kerberos client:
>
> Jk = [EMAIL PROTECTED]
> Test = [EMAIL PROTECTED]
>
> Or something like that.
>
> Jesper
>
> ________________________________________________
> Kerberos mailing list [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
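
A minimal smb.conf sketch of the winbindd approach suggested in the reply above, added here as an illustration and not taken from the thread or from either poster. The domain name EXAMPLE, the realm EXAMPLE.COM, the ID range and the template values are placeholder assumptions.

```ini
# /etc/samba/smb.conf (added example; EXAMPLE / EXAMPLE.COM are placeholders)
[global]
    # Join the machine to one AD domain; users of the trusted domains are
    # resolved through that domain's trust relationships.
    security = ads
    workgroup = EXAMPLE
    realm = EXAMPLE.COM

    # Produce "DOMAIN+Username" style names, as mentioned in the reply.
    winbind separator = +

    # Keep names domain-qualified so an account is always tied to the
    # domain that authenticated it; a bare "jk" is never silently mapped
    # to the machine's own domain.
    winbind use default domain = no

    # Resolve and authenticate users from domains the joined domain trusts.
    allow trusted domains = yes

    # UID/GID allocation for mapped accounts (range is an assumed value;
    # pick one that does not overlap local accounts).
    idmap config * : backend = tdb
    idmap config * : range = 100000-999999

    # Defaults for accounts that carry no POSIX attributes in AD.
    template shell = /bin/bash
    template homedir = /home/%D/%U

# Companion settings outside smb.conf:
#   /etc/nsswitch.conf:   passwd: files winbind
#                         group:  files winbind
#   PAM auth stack:       pam_winbind.so
#
# Checks after joining and starting winbindd:
#   wbinfo -m                      lists the trusted domains winbindd sees
#   getent passwd 'EXAMPLE+jk'     confirms a qualified name resolves
```

Leaving `winbind use default domain` off means every login name states its domain, which keeps log entries unambiguous when several trusted domains can authenticate to the same host.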
