On Wed, Jul 18, 2012 at 12:45 PM, Gabriel L. Somlo <[email protected]> wrote:
> I can easily (via kinit, or the Ticket Viewer) acquire tickets for any > Via kinit? Really? Kerberos doesn't really have a good way t deal with multiple realms. Apple's modified Kerberos tries to work around this (so it *does* sort of work from Ticket Viewer) but the standard Kerberos APIs don't provide ways to specify the realm credentials to use. This means (a) not much if any support from login, and (b) programs like Samba and OpenAFS can only see the currently selected credentials in Ticket Viewer, not all of them. I will also note that this would only work "well" at login if you used the same password in both realms, which is a very bad idea and possibly a security violation. -- brandon s allbery [email protected] wandering unix systems administrator (available) (412) 475-9364 vm/sms
