I am not sure if I understand the rules. I have two domains which trust each
other and I'd like to avoid the use of a .k5login to allow a user of one
domain to log in to a system of the other. Can I do the following?
On a host server.a.com can I have a config file like:
[libdefaults]
    default_realm = A.COM

[realms]
    A.COM = {
        kdc = kdc.a.com
        admin_server = kdc.a.com
        auth_to_local = {
            RULE:[1:$1]([EMAIL PROTECTED])s/@.*/-a/
            DEFAULT
        }
    }
    B.COM = {
        kdc = kdc.b.com
        admin_server = kdc.b.com
        auth_to_local = {
            RULE:[1:$1]([EMAIL PROTECTED])s/@.*/-b/
            DEFAULT
        }
    }

[domain_realm]
    .a.com = A.COM
    .b.com = B.COM
which maps a [EMAIL PROTECTED] to user-a and a [EMAIL PROTECTED] to user-b?
I am also not sure: if I log in as [EMAIL PROTECTED] on server.a.com, will the
realm section for A.COM be used or the section for B.COM?
Is there a way to debug/test the rules?
Thank you
Markus
"Russ Allbery" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Markus Moeller <[EMAIL PROTECTED]> writes:
>
>> Is there anywhere a documentation of how to use RULES with auth_to_local?
>
> Yeah, it's in the info documentation, in the krb5-admin doc under
> Configuration Files / krb5.conf / realms.
>
> --
> Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
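
An added example, not part of the original messages or of any Kerberos distribution: a small Python model of how MIT krb5 evaluates auth_to_local values, usable for dry-running rules before they reach a login host. The rule regexps are obscured in the archived post, so RULE_A and RULE_B are constructed; the `$1@$0` selection string, the helper names, and the use of Python's `re` in place of POSIX extended regexps are assumptions, and the model reads rules only from the default realm's section, as MIT krb5 does.

```python
import re

# Shape of one rule: RULE:[n:selection](regexp)s/pattern/replacement/g
RULE = re.compile(r"RULE:\[(\d+):(.*?)\](?:\((.*)\))?(?:s/(.*?)/(.*?)/(g?))?")

def apply_rule(rule, principal, default_realm):
    """Local name produced by one auth_to_local value, or None if it does not apply."""
    name, _, realm = principal.partition("@")
    comps = name.split("/")
    if rule == "DEFAULT":
        # DEFAULT maps only single-component principals of the default realm.
        return name if len(comps) == 1 and realm == default_realm else None
    m = RULE.fullmatch(rule)
    if m is None:
        raise ValueError(f"unparsable rule: {rule!r}")
    n, fmt, regexp, pat, repl, glob = m.groups()
    if len(comps) != int(n):
        return None
    # Build the selection string: $0 is the realm, $1..$n are the components.
    fields = [realm] + comps
    selected = re.sub(r"\$(\d)", lambda d: fields[int(d.group(1))], fmt)
    # The regexp has to match the whole selection string, not just a part of it.
    if regexp is not None and not re.fullmatch(regexp, selected):
        return None
    if pat is not None:
        selected = re.sub(pat, repl, selected, count=0 if glob else 1)
    return selected

def aname_to_localname(realms, principal, default_realm):
    """First applicable value wins; only the default realm's section is read."""
    for rule in realms.get(default_realm, []):
        local = apply_rule(rule, principal, default_realm)
        if local is not None:
            return local
    return None

# Constructed configs. PAGE_LAYOUT keeps one rule per realm section, as in the post;
# MERGED lists both rules under the host's default realm.
RULE_A = r"RULE:[1:$1@$0](.*@A\.COM)s/@.*/-a/"
RULE_B = r"RULE:[1:$1@$0](.*@B\.COM)s/@.*/-b/"
PAGE_LAYOUT = {"A.COM": [RULE_A, "DEFAULT"], "B.COM": [RULE_B, "DEFAULT"]}
MERGED = {"A.COM": [RULE_A, RULE_B, "DEFAULT"]}

if __name__ == "__main__":
    for label, conf in (("per-realm", PAGE_LAYOUT), ("merged", MERGED)):
        for princ in ("user@A.COM", "user@B.COM"):
            print(label, princ, "->", aname_to_localname(conf, princ, "A.COM"))
```

In this model a principal with no applicable rule comes back as None, which corresponds to the login being refused unless a .k5login or another mapping allows it.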