On Mon, Mar 29, 2010 at 11:03 AM, Russ Allbery <[email protected]> wrote:
>
>> The krb5.conf man page seems to indicate that you can have multiple
>> Kerberos REALMS defined in a single krb5.conf file.
>
>> Will doing this allow authentication to multiple realms? If so, will it
>> try and contact each defined realm until it sees a matching principal?
>
> It depends on what you mean by "it." If you mean kinit, I don't believe
> it has support for this. If you mean something else, it depends on the
> application. For example, you can configure my pam-krb5 PAM module to do
> this.

Good point.. By it I mean this..

I have an LDAP setup with all users contained within the tree. However these users are broken into 4 KRB REALMS. I use pam_krb5 for authentication and it works for the default realm. Do you have any links describing how to set up pam_krb5 for multi-realm? This is basically what I am chasing.

> I believe MIT Kerberos only lets you define a single default realm, which
> is the realm used for authentication if no realm is specified in the
> principal name. (However, you can do things with server referrals.)

Can you please elaborate on what you mean by server referral? Do you mean server referral as in LDAP server referrals or as in a referral to another KDC for authentication? Maybe a dumb question.. I know LDAP server referrals are possible but don't know if KRB allows it.

Thanks again

>
> --
> Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
>

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
